528 matches found
SUSE CVE-2013-1557
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI...
SUSE CVE-2013-4316
Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors...
SUSE CVE-2015-0225
The default configuration in Apache Cassandra 1.2.0 through 1.2.19, 2.0.0 through 2.0.13, and 2.1.0 through 2.1.3 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request...
SUSE CVE-2015-2342
The JMX RMI service in VMware vCenter Server 5.0 before u3e, 5.1 before u3b, 5.5 before u3, and 6.0 before u1 does not restrict registration of MBeans, which allows remote attackers to execute arbitrary code via the RMI protocol...
SUSE CVE-2015-4733
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI...
SUSE CVE-2015-4860
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI, a different vulnerability than CVE-2015-4883...
SUSE CVE-2015-4883
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI, a different vulnerability than CVE-2015-4860...
SUSE CVE-2016-3087
Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via vectors related to an ! (exclamation mark) operator to the REST Plugin...
SUSE CVE-2019-16942
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has the commons-dbcp 1.4 jar in the classpath, and an attacker can find a...
CVE-2023-25141
Apache Sling JCR Base 3.1.12 has a critical injection vulnerability when running on old JDK versions JDK 1.8.191 or earlier through utility functions in RepositoryAccessor. The functions getRepository and getRepositoryFromURL allow an application to access data stored in a remote location via JDN...
The vulnerability of the Dynamic Method Invocation (DMI) mechanism implemented in the Apache Struts software framework allows attackers to execute arbitrary code.
The vulnerability of the Dynamic Method Invocation (DMI) mechanism in the Apache Struts software framework is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the Dynamic Method Invocation (DMI) mechanism implemented in the Apache Struts software framework allows attackers to execute arbitrary code.
The vulnerability of the Dynamic Method Invocation (DMI) mechanism in the Apache Struts software framework lies in the lack of measures taken to sanitize input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
Security Bulletin: RMI vulnerability in Java, as used with WebSphere eXtreme Scale
Abstract A security vulnerability in the Remote Method Invocation component of the Java Runtime Environment allows unauthenticated network attacks which can result in unauthorized operating system takeover including arbitrary code execution. Content VULNERABILITY DETAILS: CVE-2013-1537 A...
Security Bulletin: Multiple Security Vulnerabilities in IBM Sterling Control Center
Abstract A number of security vulnerabilities have been discovered in the Java Runtime Environment and the Cognos Business Intelligence components included in IBM SCC. Content CVE ID: CVE-2013-1557 DESCRIPTION: Unspecified vulnerability in the Java Runtime Environment (JRE) related to RMI Remote...
Apache OFBiz code issue vulnerability
Apache OFBiz is an enterprise resource planning (ERP) system from the Apache Foundation. A code issue vulnerability exists in Apache OFBiz Solr plugin 18.12.05 and earlier, which stems from the default configuration of automatically issuing RMI requests on port 1099 on localhost, which can be...
Apache Geode code issue vulnerability
A remote code execution vulnerability exists in Apache Geode, the Apache Foundation's management platform for providing real-time and consistent access to data for data-intensive applications in distributed cloud architectures, which stems from a vulnerability to untrusted data deserialization wh...
CVE-2021-45983
NetScout nGeniusONE 6.3.2 allows Java RMI Code Execution...
Cross-site Scripting in Apache Struts
Multiple Cross-Site Scripting (XSS) in XWork generated error pages in Apache Struts. By default, XWork doesn't escape action's names in automatically generated error page, allowing for a successful XSS attack. When Dynamic Method Invocation (DMI) is enabled, the action name is generated dynamically...
GHSA-56F8-G68R-J699 Cross-site Scripting in Apache Struts
Multiple Cross-Site Scripting (XSS) in XWork generated error pages in Apache Struts. By default, XWork doesn't escape action's names in automatically generated error page, allowing for a successful XSS attack. When Dynamic Method Invocation (DMI) is enabled, the action name is generated dynamically...
Code injection in Apache Struts
Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors...