A technical blog post on finding and exploiting an authenticated JDBC deserialization vulnerability in JSCAPE MFT Server to gain remote command execution. This vulnerability is caused by an out-of-date H2 database library bundled into the default install package. A proof of concept is provided that works on Windows x64.
