Lucene search

RedhatCVE-2011-0527

HistoryAug 15, 2011 - 7:55 p.m.

CVE-2011-0527

2011-08-1519:55:01

CWE-287

redhat

web.nvd.nist.gov

cve-2011-0527

vmware

vfabric tc server

springsource tc server

jmx authentication

obfuscated passwords

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.2

Confidence

Low

EPSS

0.002

Percentile

59.8%

JSON

VMware vFabric tc Server (aka SpringSource tc Server) 2.0.x before 2.0.6.RELEASE and 2.1.x before 2.1.2.RELEASE accepts obfuscated passwords during JMX authentication, which makes it easier for context-dependent attackers to obtain access by leveraging an ability to read stored passwords.

Affected configurations

Nvd

Node

vmwaretc_serverMatch2.0.0

vmwaretc_serverMatch2.0.0sr01

vmwaretc_serverMatch2.0.1

vmwaretc_serverMatch2.0.2

vmwaretc_serverMatch2.0.2sr01

vmwaretc_serverMatch2.0.2sr02

vmwaretc_serverMatch2.0.3

vmwaretc_serverMatch2.0.4

vmwaretc_serverMatch2.0.5

vmwaretc_serverMatch2.0.5sr01

vmwaretc_serverMatch2.1.0

vmwaretc_serverMatch2.1.1

vmwaretc_serverMatch2.1.1sr01

VendorProductVersionCPE
vmwaretc_server2.0.0cpe:2.3:a:vmware:tc_server:2.0.0:*:*:*:*:*:*:*
vmwaretc_server2.0.0cpe:2.3:a:vmware:tc_server:2.0.0:sr01:*:*:*:*:*:*
vmwaretc_server2.0.1cpe:2.3:a:vmware:tc_server:2.0.1:*:*:*:*:*:*:*
vmwaretc_server2.0.2cpe:2.3:a:vmware:tc_server:2.0.2:*:*:*:*:*:*:*
vmwaretc_server2.0.2cpe:2.3:a:vmware:tc_server:2.0.2:sr01:*:*:*:*:*:*
vmwaretc_server2.0.2cpe:2.3:a:vmware:tc_server:2.0.2:sr02:*:*:*:*:*:*
vmwaretc_server2.0.3cpe:2.3:a:vmware:tc_server:2.0.3:*:*:*:*:*:*:*
vmwaretc_server2.0.4cpe:2.3:a:vmware:tc_server:2.0.4:*:*:*:*:*:*:*
vmwaretc_server2.0.5cpe:2.3:a:vmware:tc_server:2.0.5:*:*:*:*:*:*:*
vmwaretc_server2.0.5cpe:2.3:a:vmware:tc_server:2.0.5:sr01:*:*:*:*:*:*

Vendor	Product	Version	CPE
vmware	tc_server	2.0.0	cpe:2.3:a:vmware:tc_server:2.0.0:::::::*
vmware	tc_server	2.0.0	cpe:2.3:a:vmware:tc_server:2.0.0:sr01::::::
vmware	tc_server	2.0.1	cpe:2.3:a:vmware:tc_server:2.0.1:::::::*
vmware	tc_server	2.0.2	cpe:2.3:a:vmware:tc_server:2.0.2:::::::*
vmware	tc_server	2.0.2	cpe:2.3:a:vmware:tc_server:2.0.2:sr01::::::
vmware	tc_server	2.0.2	cpe:2.3:a:vmware:tc_server:2.0.2:sr02::::::
vmware	tc_server	2.0.3	cpe:2.3:a:vmware:tc_server:2.0.3:::::::*
vmware	tc_server	2.0.4	cpe:2.3:a:vmware:tc_server:2.0.4:::::::*
vmware	tc_server	2.0.5	cpe:2.3:a:vmware:tc_server:2.0.5:::::::*
vmware	tc_server	2.0.5	cpe:2.3:a:vmware:tc_server:2.0.5:sr01::::::

Rows per page:

1-10 of 131

References

archives.neohapsis.com/archives/fulldisclosure/2011-08/0122.html

securitytracker.com/id?1025923

www.securityfocus.com/bid/49122

www.springsource.com/security/cve-2011-0527

exchange.xforce.ibmcloud.com/vulnerabilities/69156

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.2

Confidence

Low

EPSS

0.002

Percentile

59.8%

JSON

Related for CVE-2011-0527