Relution Remote Code Execution via Java Deserialization Vulnerability
![Figure 1: A diagram taken from the official Relution documentation outlines the architecture of the application when deployed on-premises.](https://www.praetorian.com/wp-content/uploads/2024/06/01-official-relution-documentation.png)
Overview In this article we discuss a recent deserialization vulnerability we found in Relution (CVE-2023-48178), a mobile device management product that is popular among multinational German corporations. CVE-2023-48178 can potentially lead to remote code execution and complete compromise of the MDM application and clients managed by the solution. The deserialization vulnerability exists in a component […]