camel: DNS Rebinding in JMX Connector could result in remote command execution

Apache Camel's JMX is vulnerable to Rebind Flaw. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.x, 3.0.0 up to 3.1.0 is affected. Users should upgrade to 3.2.0...

cxf: JMX integration is vulnerable to a MITM attack

Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the ‘createMBServerConnectorFactory‘ property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle MITM style attack. An...

cxf: JMX integration is vulnerable to a MITM attack

Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the ‘createMBServerConnectorFactory‘ property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle MITM style attack. An...

Apache Cassandra RMI Rebinding Vulnerability

Apache Cassandra is an open source distributed NoSQL database system . Apache Cassandra suffers from an RMI rebinding vulnerability that originates from a man-in-the-middle attack by manipulating the RMI registry to perform a man-in-the-middle attack and capture usernames and passwords used to...

Apache Karaf Code Issue Vulnerability

Apache Karaf is the United States Apache Apache Foundation for the deployment of applications and components of a lightweight OSGi Java Dynamic Modular System container. A code issue vulnerability exists in Apache Karaf versions prior to 4.2.9. In Karaf, JAAS is used for JMX authentication and AC...

Apache Camel Input Validation Error Vulnerability

Apache Camel is the United States Apache Apache Software Foundation of a set of open source based on Enterprise Integration Pattern Enterprise Integration Pattern, referred to as EIP integration framework. The framework provides Enterprise Integration Pattern Java objects POJO implementation , an...

The vulnerability of the Apache Tomcat application server’s JMX component stems from a lack of protection mechanisms for registration data. This allows attackers to gain unauthorized access to confidential information, cause service failures, and compromise data integrity.

The vulnerability of the Apache Tomcat application server’s JMX component is related to the lack of a mechanism to protect registration data. Exploiting this vulnerability can allow attackers to gain unauthorized access to confidential data, cause service failures, and compromise the integrity of...

tomcat: local privilege escalation

A privilege escalation flaw was found in Tomcat when the JMX Remote Lifecycle Listener was enabled. A local attacker without access to the Tomcat process or configuration files could be able to manipulate the RMI registry to perform a man-in-the-middle attack. The attacker could then capture user...

vRealize Operations for Horizon Adapter Remote Code Execution Vulnerability

VMware vRealize Operations is operations management software that spans physical, virtual, and cloud environments and supports network environments based on vSphere, Hyper-V, or Amazon Web Services. A security vulnerability exists in vRealize Operations for Horizon Adapter versions 6.7.x prior to...

CVE-2019-11288

In Pivotal tc Server, 3.x versions prior to 3.2.19 and 4.x versions prior to 4.0.10, and Pivotal tc Runtimes, 7.x versions prior to 7.0.99.B, 8.x versions prior to 8.5.47.A, and 9.x versions prior to 9.0.27.A, when a tc Runtime instance is configured with the JMX Socket Listener, a local attacker...

Apache Solr 8.1.1 < 8.3.0 Remote Code Execution

CVE-2019-12409 is a flaw in the default configuration of the solr.in.sh file in Apache Solr. If this file is used in its default configuration in versions 8.1.1 and 8.2.0, unauthenticated access to the Java Management Extensions JMX monitoring on the RMIPORT default 18983 is allowed. Anyone with...

DEBIAN-CVE-2019-12418

When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user...

solr: remote code execution due to unsafe deserialization

A flaw was found in the Apache Solr's Config API, where it would permit the configuration of the JMX server via an HTTP POST request. An attacker could use this flaw to direct traffic to a malicious RMI server, and then trigger remote code execution or conduct further attacks...

UBUNTU-CVE-2019-0192

In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows to configure the JMX server via an HTTP POST request. By pointing it to a malicious RMI server, an attacker could take advantage of Solr's unsafe deserialization to trigger remote code execution on the Solr side...

CVE-2018-15764

Dell EMC ESRS Policy Manager versions 6.8 and prior contain a remote code execution vulnerability due to improper configurations of triggered JMX services. A remote unauthenticated attacker may potentially exploit this vulnerability to execute arbitrary code in the server's JVM...

CVE-2018-6667

Authentication Bypass vulnerability in the administrative user interface in McAfee Web Gateway 7.8.1.0 through 7.8.1.5 allows remote attackers to execute arbitrary code via Java management extensions JMX...

CVE-2018-6667

Authentication Bypass vulnerability in the administrative user interface in McAfee Web Gateway 7.8.1.0 through 7.8.1.5 allows remote attackers to execute arbitrary code via Java management extensions JMX...

CVE-2018-6667 McAfee Web Gateway - Authentication Bypass vulnerability

Authentication Bypass vulnerability in the administrative user interface in McAfee Web Gateway 7.8.1.0 through 7.8.1.5 allows remote attackers to execute arbitrary code via Java management extensions JMX...

OpenJDK: unbounded memory allocation during deserialization in TabularDataSupport (JMX, 8189985)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JMX. Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with...

McAfee Web Gateway Authentication Bypass Vulnerability

McAfee Web Gateway MWG is a security gateway product from McAfee USA. The product provides threat protection, application control, and data loss prevention. An authentication bypass vulnerability exists in the management user interface in McAfee MWG. A remote attacker could exploit this...