7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.048 Low
EPSS
Percentile
91.8%
Added: 07/26/2006
CVE: CVE-2006-3733
BID: 19075
OSVDB: 27419
The Cisco Security Monitoring, Analysis, and Response System (CS-MARS) recognizes and correlates network attacks.
CS-MARS includes the JBoss web application server with insufficient access control to the **jmx-console**
component. This component can be used by a remote attacker to execute arbitrary commands.
Upgrade to CS-MARS 4.2.1 or higher or apply the upgrade referenced in Cisco Security Advisory cisco-sa-20060719-mars.
<http://www.securityfocus.com/archive/1/440641>
cs-mars