Datavane TIS Unrestricted File Upload and Deserialization Vulnerability

Vulnerability

Datavane TIS versions prior to 4.3.0 allow unrestricted upload of files with dangerous types and deserialization of untrusted data. The issue arises from inadequate security measures in the handling of XML files, specifically in the XStream library: arbitrary classes can be deserialized, which could lead to remote code execution.

Impact

Exploitation of this vulnerability could result in remote code execution on the server where Datavane TIS is running.

Remediation

Users can update to Datavane TIS version 4.3.0 or later to address this vulnerability.
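
For code that calls XStream directly, the usual defence against the class of flaw described above is a type allowlist. The following is an added example, not Datavane TIS code and not the change made in 4.3.0; the PluginConfig class and both XML strings are constructed for illustration, and the XStream library is assumed to be on the classpath.

```java
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.security.ForbiddenClassException;
import com.thoughtworks.xstream.security.NoTypePermission;
import com.thoughtworks.xstream.security.NullPermission;
import com.thoughtworks.xstream.security.PrimitiveTypePermission;

public class XStreamAllowlistDemo {

    // Hypothetical configuration bean: the only application type XML may produce.
    public static class PluginConfig {
        String name;
        int port;
    }

    // Build an XStream instance that resolves only explicitly permitted types.
    static XStream hardened() {
        XStream xs = new XStream();
        xs.addPermission(NoTypePermission.NONE);              // start from deny-all
        xs.addPermission(NullPermission.NULL);                // permit null values
        xs.addPermission(PrimitiveTypePermission.PRIMITIVES); // permit primitives and wrappers
        xs.allowTypes(new Class[] {String.class, PluginConfig.class});
        xs.alias("pluginConfig", PluginConfig.class);
        return xs;
    }

    public static void main(String[] args) {
        XStream xs = hardened();

        // Constructed input: the expected, allowlisted type.
        String expected =
            "<pluginConfig><name>demo</name><port>8080</port></pluginConfig>";
        PluginConfig cfg = (PluginConfig) xs.fromXML(expected);
        System.out.println("accepted: " + cfg.name + ":" + cfg.port);

        // Constructed input: the root element names a harmless JDK class
        // that is not on the allowlist. Type resolution fails before any
        // object of that class is created.
        String unexpected = "<java.util.Date/>";
        try {
            xs.fromXML(unexpected);
            System.out.println("unexpected type was deserialized");
        } catch (ForbiddenClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The allowlist should name only the concrete types the application expects to read from XML; a wildcard over a whole package hierarchy reopens the exposure.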

Added: Jan 27, 2026, 9:25 AM
Updated: Jan 27, 2026, 3:28 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 3.1
exploitability: 5.6
remediation: 0.0
relevance: 2.4
threat: 0.0
urgency: 10.0
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.