Relution Remote Code Execution via Java Deserialization Vulnerability

Figure 1: A diagram taken from the official Relution documentation outlines the architecture of the application when deployed on-premises.

Overview

In this article we discuss a recent deserialization vulnerability we found in Relution (CVE-2023-48178), a mobile device management (MDM) product that is popular among multinational German corporations. CVE-2023-48178 can potentially lead to remote code execution and complete compromise of the MDM application and clients managed by the solution. The deserialization vulnerability exists in a component […]