Lucene search

[email protected]CVE-2009-4843

HistoryMay 07, 2010 - 6:24 p.m.

CVE-2009-4843

2010-05-0718:24:15

CWE-287

[email protected]

web.nvd.nist.gov

cve-2009-4843

toutvirtual virtualiq pro

jboss console

remote attackers

arbitrary commands

8.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.028 Low

EPSS

Percentile

90.6%

JSON

ToutVirtual VirtualIQ Pro before 3.5 build 8691 does not require administrative authentication for JBoss console access, which allows remote attackers to execute arbitrary commands via requests to (1) the JMX Management Console or (2) the Web Console.

Affected configurations

NVD

Node

toutvirtualvirtualiqMatch3.5-pro

CPENameOperatorVersion
toutvirtual:virtualiqtoutvirtual virtualiqeq3.5

CPE	Name	Operator	Version
toutvirtual:virtualiq	toutvirtual virtualiq	eq	3.5

References

secunia.com/advisories/37297

www.securenetwork.it/ricerca/advisory/download/SN-2009-02.txt

www.securityfocus.com/archive/1/507729/100/0/threaded

8.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.028 Low

EPSS

Percentile

90.6%

JSON

Related for CVE-2009-4843

prion1 cvelist1 nvd1