
39 matches found

CNNVD
added 2026/04/14 12:0 a.m. · 3 views

Qlik Talend JobServer and Qlik Talend Runtime security vulnerability

Qlik Talend JobServer and Qlik Talend Runtime are both products of Qlik, a US-based company. Qlik Talend JobServer is a data integration task execution and scheduling service component. Qlik Talend Runtime is a data integration and application runtime environment platform. Both Qlik Talend...

CVSS 9.8 · AI score 6.3 · EPSS 0.00083
Exploits 0 · References 2
Snyk
added 2026/03/26 5:22 p.m. · 3 views

Deserialization of Untrusted Data

Overview: Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the RMI integration. An attacker can execute arbitrary code with the privileges of the user running the instrumented JVM by sending specially crafted serialized data to a network-exposed JMX or RMI...

CVSS 9.8 · AI score 6.2 · EPSS 0.00214
Exploits 1 · References 2
EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2017-16372

Malware in sbrugna...

CVSS 5.3 · AI score 5.5 · EPSS 0.00203
Exploits 0 · References 3
EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2018-17257

Malware in sbrugna...

CVSS 9.8 · AI score 9.5 · EPSS 0.02125
Exploits 0 · References 3
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2020-29422

Malware in sbrugna...

CVSS 7.8 · AI score 7.6 · EPSS 0.00159
Exploits 0 · References 2
EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2018-17256

Malware in sbrugna...

CVSS 9.8 · AI score 9.5 · EPSS 0.02362
Exploits 0 · References 2
RedhatCVE
added 2025/05/22 5:23 p.m. · 2 views

CVE-2020-11998

A regression has been introduced in the commit preventing JMX re-bind. By passing an empty environment map to RMIConnectorServer, instead of the map that contains the authentication credentials, it leaves ActiveMQ open to the following attack:...

CVSS 9.8 · AI score 9.5 · EPSS 0.06913
Exploits 0 · References 1
RedhatCVE
added 2025/05/22 4:51 p.m. · 6 views

CVE-2020-8574

Active IQ Unified Manager for Linux versions prior to 9.6 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service enabled, allowing unauthorized code execution to local users...

CVSS 7.8 · AI score 7.4 · EPSS 0.00159
Exploits 0 · References 1
Positive Technologies
added 2024/09/10 12:0 a.m. · 3 views

PT-2024-12602 · Loftware · Loftware Spectrum

Name of the Vulnerable Software and Affected Versions: Loftware Spectrum versions through 4.6 Description: The issue concerns an unprotected JMX Registry in Loftware Spectrum. Recommendations: For versions through 4.6, consider restricting access to the JMX Registry as a temporary mitigation...

CVSS 9.8 · AI score 7.2 · EPSS 0.00325
Exploits 0 · References 8
Positive Technologies
added 2024/03/07 12:0 a.m. · 1 views

PT-2024-22337 · Ngrinder · Ngrinder

Name of the Vulnerable Software and Affected Versions: nGrinder versions prior to 3.5.9 Description: The issue allows a connection to a malicious JMX/RMI server by default, potentially leading to the execution of arbitrary code via the RMI registry by a remote attacker. Recommendations: For...

CVSS 9.8 · AI score 8 · EPSS 0.0218
Exploits 0 · References 4
VulnCheck KEV
added 2023/05/12 12:0 a.m. · 0 views

VulnCheck KEV: CVE-2016-8735

Apache Tomcat contains an unspecified vulnerability that allows for remote code execution if JmxRemoteLifecycleListener is used and an attacker can reach Java Management Extension (JMX) ports. This CVE exists because this listener wasn't updated for consistency with the Oracle patched issues...

CVSS 9.8 · AI score 7.7 · EPSS 0.93809
Exploits 1 · References 1
SUSE CVE
added 2023/02/15 5:44 a.m. · 2 views

SUSE CVE-2012-5071

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality and integrity, related to JMX...

CVSS 6.4 · AI score 6.5 · EPSS 0.03119
Exploits 0 · References 10
SUSE CVE
added 2023/02/15 5:38 a.m. · 2 views

SUSE CVE-2013-2457

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vectors related to JMX. NOTE: the previous information is from...

CVSS 5 · AI score 8.6 · EPSS 0.08663
Exploits 0 · References 16
RedHat Linux
added 2020/11/04 7:24 p.m. · 1 views

cxf: JMX integration is vulnerable to a MITM attack

Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the 'createMBServerConnectorFactory' property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An...

CVSS 5.3 · AI score 7.4 · EPSS 0.00216
Exploits 0 · References 4
OSV
added 2020/08/03 5:15 p.m. · 4 views

CVE-2020-8574

Active IQ Unified Manager for Linux versions prior to 9.6 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service enabled, allowing unauthorized code execution to local users...

CVSS 7.8 · AI score 7.9 · EPSS 0.00159
Exploits 0 · References 1
CVE
added 2020/08/03 4:56 p.m. · 51 views

CVE-2020-8574

CVE-2020-8574 affects NetApp Active IQ Unified Manager for Linux prior to 9.6, where the Java Management Extensions (JMX) RMI service is enabled, enabling unauthorized code execution by local users. The connected sources confirm the issue is tied to the pre-9.6 Linux builds and describe local acc...

CVSS 7.8 · AI score 7.7 · EPSS 0.00159
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2020/08/03 4:56 p.m. · 15 views

CVE-2020-8574

Active IQ Unified Manager for Linux versions prior to 9.6 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service enabled, allowing unauthorized code execution to local users...

AI score 7.8 · EPSS 0.00159
Exploits 0 · References 1
OSV
added 2020/02/06 3:15 a.m. · 1 views

CVE-2019-20405

The JMX monitoring flag in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to turn the JMX monitoring flag off or on via a Cross-site request forgery (CSRF) vulnerability...

CVSS 4.3 · AI score 5.9 · EPSS 0.0018
Exploits 0 · References 1
OSV
added 2019/12/18 9:15 p.m. · 1 views

CVE-2019-18572

The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain an Improper Authentication vulnerability. A Java JMX agent running on the remote host is configured with plain text password authentication. An unauthenticated remote attacker can...

CVSS 9.8 · AI score 7.3
Exploits 0 · References 1
OSV
added 2018/08/15 6:29 p.m. · 1 views

CVE-2018-11247

The JMX/RMI interface in Nasdaq BWise 5.0 does not require authentication for an SAP BO Component, which allows remote attackers to execute arbitrary code via a session on port 81...

CVSS 9.8 · AI score 6.1 · EPSS 0.05692
Exploits 1 · References 1