|Impact||CVSS V3 rating: 10 (Critical)|
|Reported||21st January 2021|
|Reported by||Johannes Mortiz, an independent Security researcher|
|Fixed||8th Feb, 2021|
|Affected Builds||Builds 125219 and below|
|Fixed in||Builds 125220/125314|
|Overview||Unauthenticated Remote Code Execution (RCE) vulnerability due to general bypass for the deserialization class.|
|Recommended Fix||Upgrade to NCM Version 12.5.220 or above.
Contact our support team (email@example.com) in case of queries.
Unauthenticated Remote Code Execution (RCE) vulnerability due to general bypass for the deserialization class.
We recommend that you upgrade to NCM Version 12.5.220 or contact our support team at firstname.lastname@example.org to fix this issue.
Source and Acknowledgements
Find out more about CVE-2021-3287 from the CVE dictionary.