Lucene search
MitreCVE-2009-4843HistoryMay 07, 2010 - 6:24 p.m.
CVE-2009-4843
2010-05-0718:24:15
CWE-287
mitre
web.nvd.nist.gov
30
cve-2009-4843
toutvirtual virtualiq pro
jboss console
remote attackers
arbitrary commands
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
8.2
Confidence
Low
EPSS
0.028
Percentile
90.6%
ToutVirtual VirtualIQ Pro before 3.5 build 8691 does not require administrative authentication for JBoss console access, which allows remote attackers to execute arbitrary commands via requests to (1) the JMX Management Console or (2) the Web Console.
Affected configurations
Node
toutvirtualvirtualiqMatch3.5-pro
| Vendor | Product | Version | CPE |
|---|---|---|---|
| toutvirtual | virtualiq | 3.5 | cpe:2.3:a:toutvirtual:virtualiq:3.5:-:pro:*:*:*:*:* |
Related
prion
prion
Authentication flaw
2010-05-07 18:24:00
cvelist
cvelist
CVE-2009-4843
2010-05-07 17:43:00
nvd
nvd
CVE-2009-4843
2010-05-07 18:24:15
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
8.2
Confidence
Low
EPSS
0.028
Percentile
90.6%
Related for CVE-2009-4843