
120 matches found

RedhatCVE
added 2025/05/22 3:54 p.m. · 17 views

CVE-2020-12835

An issue was discovered in SmartBear ReadyAPI SoapUI Pro 3.2.5. Due to unsafe use of a Java RMI based protocol in an unsafe configuration, an attacker can inject malicious serialized objects into the communication, resulting in remote code execution in the context of a client-side Network...

9.8 CVSS · 7.8 AI score · 0.05031 EPSS
Exploits 3

RedhatCVE
added 2025/05/22 1:31 a.m. · 6 views

CVE-2013-3274

EMC Avamar Server and Avamar Virtual Edition before 7.0 on Data Store Gen3, Gen4, and Gen4s platforms do not properly determine authorization for calls to Java RMI methods, which allows remote authenticated users to execute arbitrary code via unspecified vectors...

9 CVSS · 7.8 AI score · 0.01503 EPSS
Exploits 0 · References 1

Packet Storm
added 2024/08/31 12:0 a.m. · 312 views

Java RMI Registry Interfaces Enumeration

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/java/serialization' class MetasploitModule 'Java RMI Registry Interfaces Enumeration', 'Description' = %q This module gathers information from an RMI endpoi...

7.4 AI score
Exploits 0

NVD
added 2023/09/06 6:15 p.m. · 10 views

CVE-2023-0925

Version 10.11 of webMethods OneData runs an embedded instance of Azul Zulu Java 11.0.15 which hosts a Java RMI registry (listening on TCP port 2099 by default) and two RMI interfaces (listening on a single, dynamically assigned TCP high port). Port 2099 serves as a Java Remote Method Invocation (RMI)...

9.8 CVSS · 9.4 AI score · 0.00248 EPSS
Exploits 0 · References 1

Prion
added 2023/09/06 6:15 p.m. · 26 views

Code injection

Version 10.11 of webMethods OneData runs an embedded instance of Azul Zulu Java 11.0.15 which hosts a Java RMI registry (listening on TCP port 2099 by default) and two RMI interfaces (listening on a single, dynamically assigned TCP high port). Port 2099 serves as a Java Remote Method Invocation (RMI)...

7.5 CVSS · 9.2 AI score · 0.00248 EPSS
Exploits 0 · References 1 · Affected Software 1

CVE
added 2023/09/06 5:27 p.m. · 2493 views

CVE-2023-0925

Summary (CVE-2023-0925): Software AG webMethods OneData 10.11 is exposed with an embedded Azul Zulu Java 11.0.15 that runs a Java RMI registry on port 2099 and two RMI interfaces on a high, dynamically assigned port. An unauthenticated attacker with network access to these ports can instruct the ...

9.8 CVSS · 9.5 AI score · 0.00248 EPSS
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2023/09/06 5:27 p.m. · 11 views

CVE-2023-0925 Software AG webMethods OneData Deserialization Vulnerability

Version 10.11 of webMethods OneData runs an embedded instance of Azul Zulu Java 11.0.15 which hosts a Java RMI registry (listening on TCP port 2099 by default) and two RMI interfaces (listening on a single, dynamically assigned TCP high port). Port 2099 serves as a Java Remote Method Invocation (RMI)...

7.1 AI score · 0.00248 EPSS
Exploits 0 · References 1

NVD
added 2023/04/18 9:15 p.m. · 18 views

CVE-2023-29412

A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote code execution when manipulating internal methods through Java RMI interface...

9.8 CVSS · 9.6 AI score · 0.02539 EPSS
Exploits 0 · References 1

Prion
added 2023/04/18 9:15 p.m. · 16 views

Design/Logic Flaw

A CWE-78: Improper Handling of Case Sensitivity vulnerability exists that could cause remote code execution when manipulating internal methods through Java RMI interface...

7.5 CVSS · 9.4 AI score · 0.02539 EPSS
Exploits 0 · References 1 · Affected Software 2

Prion
added 2023/04/18 9:15 p.m. · 13 views

Authentication flaw

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow changes to administrative credentials, leading to potential remote code execution without requiring prior authentication on the Java RMI interface...

7.5 CVSS · 9.9 AI score · 0.07707 EPSS
Exploits 0 · References 1 · Affected Software 2

Vulnrichment
added 2023/04/18 8:50 p.m. · 5 views

CVE-2023-29412

A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote code execution when manipulating internal methods through Java RMI interface...

9.8 CVSS · 9.8 AI score · 0.02539 EPSS
Exploits 0 · References 1

CVE
added 2023/04/18 8:50 p.m. · 92 views

CVE-2023-29412

CVE-2023-29412 is an OS command injection vulnerability in Schneider Electric’s APC Easy UPS Online Monitoring Software (Windows) that could allow remote code execution via the Java RMI interface. Affected products include APC Easy UPS Online Monitoring Software (versions up to 2.5-GA-01-22261) a...

9.8 CVSS · 9.9 AI score · 0.02539 EPSS
Exploits 0 · References 1 · Affected Software 1

CVE
added 2023/04/18 8:49 p.m. · 109 views

CVE-2023-29411

CVE-2023-29411 describes a Missing Authentication for Critical Function vulnerability in Schneider Electric’s Easy UPS Online Monitoring Software (Windows APC Easy UPS Online Monitoring Software and Schneider Electric Easy UPS Online Monitoring Software). The flaw allows changes to administrative...

9.8 CVSS · 9.9 AI score · 0.07707 EPSS
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2023/04/18 8:49 p.m. · 6 views

CVE-2023-29411

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow changes to administrative credentials, leading to potential remote code execution without requiring prior authentication on the Java RMI interface...

9.8 CVSS · 10 AI score · 0.07707 EPSS
Exploits 0 · References 1

NVD
added 2022/06/02 6:15 p.m. · 14 views

CVE-2021-45983

NetScout nGeniusONE 6.3.2 allows Java RMI Code Execution...

9.8 CVSS · 0.01332 EPSS
Exploits 0 · References 2

Prion
added 2022/06/02 6:15 p.m. · 17 views

Design/Logic Flaw

NetScout nGeniusONE 6.3.2 allows Java RMI Code Execution...

7.5 CVSS · 9.5 AI score · 0.01332 EPSS
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2022/06/02 12:0 a.m. · 3 views

PT-2022-12484 · Netscout · Netscout Ngeniusone

Name of the Vulnerable Software and Affected Versions: NetScout nGeniusONE version 6.3.2 Description: The issue allows Java RMI code execution. Recommendations: For NetScout nGeniusONE version 6.3.2, at the moment, there is no information about a newer version that contains a fix for this issue...

9.8 CVSS · 9.6 AI score · 0.01332 EPSS
Exploits 0 · References 4

Cvelist
added 2022/05/02 10:41 p.m. · 12 views

CVE-2020-23621

The Java Remote Management Interface of all versions of SVI MS Management System was discovered to contain a vulnerability due to insecure deserialization of user-supplied content, which can allow attackers to execute arbitrary code via a crafted serialized Java object...

9.8 AI score · 0.04485 EPSS
Exploits 0 · References 3

OSV
added 2022/01/26 11:15 a.m. · 34 views

CVE-2021-41766

Apache Karaf allows monitoring of applications and the Java runtime by using the Java Management Extensions (JMX). JMX is a Java RMI based technology that relies on Java serialized objects for client server communication. Whereas the default JMX implementation is hardened against unauthenticated...

8.1 CVSS · 7.6 AI score · 0.005 EPSS
Exploits 0 · References 1

Prion
added 2022/01/26 11:15 a.m. · 17 views

Deserialization of untrusted data

Apache Karaf allows monitoring of applications and the Java runtime by using the Java Management Extensions (JMX). JMX is a Java RMI based technology that relies on Java serialized objects for client server communication. Whereas the default JMX implementation is hardened against unauthenticated...

6.8 CVSS · 8.3 AI score · 0.005 EPSS
Exploits 0 · References 1 · Affected Software 1