Authentication flaw

2016-09-2910:59:00

PRIOn knowledge base

www.prio-n.com

8.3 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

77.3%

JSON

The web server in Aternity before 9.0.1 does not require authentication for getMBeansFromURL loading of Java MBeans, which allows remote attackers to execute arbitrary Java code by registering MBeans.

CPENameOperatorVersion
aternityle9.0

CPE	Name	Operator	Version
	aternity	le	9.0

References

www.kb.cert.org/vuls/id/706359

www.securityfocus.com/bid/93208