This vulnerability in Pivotal CRM v6.6.04.08 involves the potential for remote code execution through the Pivotal.Core.Common.dll and Pivotal.Engine.Client.Services.Conversion.dll components. It is related to CWE-502, indicating issues with deserialization of untrusted data. The CVSS 3.1 base score is 8.1, reflecting high impact with network attack vector, high attack complexity, no privileges required, no user interaction, and high confidentiality, integrity, and availability impacts. No known exploits in the wild or vendor remediation details are available at this time.

Successful exploitation could allow a remote attacker to execute arbitrary code on the affected system, potentially leading to full compromise including confidentiality, integrity, and availability impacts. The attack requires high complexity and no privileges or user interaction, making it a significant risk if exploited.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, organizations should monitor vendor communications for updates. No specific mitigations or workarounds are provided in the current data.