262 matches found
PT-2022-16457 · Pegasystems · Pega Platform
Name of the Vulnerable Software and Affected Versions: Pega Platform (affected versions not specified). Description: The issue arises when an on-premise installation of the Pega Platform has the JMX interface port exposed to the Internet without proper port filtering configuration. This could allow...
karaf: insecure java deserialization
A flaw was found in Apache Karaf. This issue allows monitoring of applications and the Java runtime by using the Java Management Extensions (JMX)...
GHSA-JH5G-9M4V-9VV9 Insecure Java Deserialization in Apache Karaf
Apache Karaf allows monitoring of applications and the Java runtime by using the Java Management Extensions (JMX). JMX is a Java RMI-based technology that relies on Java serialized objects for client-server communication. Whereas the default JMX implementation is hardened against unauthenticated...
CVE-2021-41766
Apache Karaf allows monitoring of applications and the Java runtime by using the Java Management Extensions (JMX). JMX is a Java RMI-based technology that relies on Java serialized objects for client-server communication. Whereas the default JMX implementation is hardened against unauthenticated...
CVE-2021-41766
CVE-2021-41766 affects Apache Karaf. The issue arises from insecure Java deserialization in the JMX-based management interface used by Karaf, where the JMX server class path is not protected against unauthenticated deserialization. This can enable an attacker to monitor applications and the Java ...
CVE-2021-41766 Insecure Java Deserialization in Apache Karaf
Apache Karaf allows monitoring of applications and the Java runtime by using the Java Management Extensions (JMX). JMX is a Java RMI-based technology that relies on Java serialized objects for client-server communication. Whereas the default JMX implementation is hardened against unauthenticated...
activemq: improper authentication allows MITM attack
Apache ActiveMQ uses LocateRegistry.createRegistry to create the JMX RMI registry and binds the server to the "jmxrmi" entry. It is possible to connect to the registry without authentication and call the rebind method to rebind jmxrmi to something else. If an attacker creates another server to...
Beanshooter - JMX Enumeration And Attacking Tool
Beanshooter is a command line tool written in Java, which helps to identify common vulnerabilities on JMX endpoints. Introduction: JMX stands for Java Management Extensions and can be used to monitor and configure the Java Virtual Machine remotely. Applications like Tomcat or JBoss are often...
GHSA-6G88-99WJ-8MGG Command injection in Apache Flink
A vulnerability in Apache Flink where, when running a process with an enabled JMXReporter, with a port configured via metrics.reporter.reportername.port, an attacker with local access to the machine and JMX port can execute a man-in-the-middle attack using a specially crafted request to rebind th...
CVE-2021-1478
A vulnerability in the Java Management Extensions (JMX) component of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an...
Design/Logic Flaw
A vulnerability in the Java Management Extensions (JMX) component of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an...
CVE-2021-1478 Cisco Unified Communications Manager Denial of Service Vulnerability
A vulnerability in the Java Management Extensions (JMX) component of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an...
Vulnerabilities fixed in Cisco Unified Communications Manager
Vulnerabilities have been fixed in Cisco Unified Communications Manager. An authenticated malicious party could potentially exploit the vulnerability with CVE attribute CVE-2021-1478 to cause a Denial-of-Service attack. To do so, the Java Management Extensions (JMX) network...
Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition Denial of Service Vulnerabilities
Cisco Unified Communications Manager is the powerful call processing component of the Cisco Unified Communications solution. It is a scalable, distributable, and highly available enterprise Voice over IP call processing solution. Cisco Unified Communications Manager Session Management Edition is t...
Cisco Unified Communications Manager Security Vulnerability
Cisco Unified Communications Manager is the powerful call processing component of the Cisco Unified Communications solution. It is a scalable, distributable, and highly available enterprise Voice over IP call processing solution. Cisco Unified Communications Manager Session Management Edition is t...
camel: DNS Rebinding in JMX Connector could result in remote command execution
Apache Camel's JMX is vulnerable to a rebind flaw. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.x, 3.0.0 up to 3.1.0 is affected. Users should upgrade to 3.2.0...
cxf: JMX integration is vulnerable to a MITM attack
Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the 'createMBServerConnectorFactory' property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An...
Apache Cassandra RMI Rebinding Vulnerability
Apache Cassandra is an open source distributed NoSQL database system. Apache Cassandra suffers from an RMI rebinding vulnerability in which an attacker manipulates the RMI registry to perform a man-in-the-middle attack and capture usernames and passwords used to...
Apache Karaf Code Issue Vulnerability
Apache Karaf is a lightweight OSGi Java dynamic modular system container from the Apache Foundation (United States) for the deployment of applications and components. A code issue vulnerability exists in Apache Karaf versions prior to 4.2.9. In Karaf, JAAS is used for JMX authentication and AC...