421 matches found

Positive Technologies
added 2024/02/28 12:0 a.m. · 3 views

PT-2024-13137 · Couchbase · Couchbase Server

Name of the Vulnerable Software and Affected Versions: Couchbase Server versions through 7.1.4 before 7.1.5 and before 7.2.1 Description: An issue was discovered in Couchbase Server where Unauthenticated RMI Service Ports are Exposed in Analytics, posing a significant risk. This could allow an...

CVSS 6.3 · AI score 7.4 · EPSS 0.00441
Exploits: 0 · References: 12

VulnCheck KEV
added 2024/01/22 12:0 a.m. · 4 views

VulnCheck KEV: CVE-2017-18349

parseObject in Fastjson before 1.2.25, as used in FastjsonEngine in Pippo 1.11.0 and other products, allows remote attackers to execute arbitrary code via a crafted JSON request, as demonstrated by a crafted rmi:// URI in the dataSourceName field of HTTP POST data to the Pippo /json URI, which is...

CVSS 10 · AI score 7.7 · EPSS 0.3897
Exploits: 2 · References: 1

BDU FSTEC
added 2024/01/11 12:0 a.m. · 3 views

The vulnerability of the RMI software interface for controlling power sources in Voltronic Power View allows a perpetrator to execute arbitrary code.

The vulnerability of the RMI software interface for controlling power sources in Voltronic Power ViewPower is related to the restoration of unreliable data in memory. Exploiting this vulnerability allows a malicious actor, operating remotely, to execute arbitrary code using a specially created...

CVSS 10 · AI score 8.2 · EPSS 0.01549
Exploits: 0 · References: 4

Positive Technologies
added 2023/11/23 12:0 a.m. · 7 views

PT-2023-9263 · Apache · Apache Kafka

Name of the Vulnerable Software and Affected Versions: Kafka UI versions prior to 0.7.2 Description: The issue is related to the deserialization mechanism in the Kafka UI web interface for Apache Kafka management. It allows a remote attacker to execute arbitrary code by exploiting the vulnerabili...

CVSS 8.1 · AI score 8.6 · EPSS 0.34085
Exploits: 1 · References: 12

OSV
added 2023/11/02 2:15 p.m. · 3 views

CVE-2023-26455

RMI was not requiring authentication when calling ChronosRMIService:setEventOrganizer. Attackers with local or adjacent network access could abuse the RMI service to modify calendar items using RMI. RMI access is restricted to localhost by default. The interface has been updated to require...

CVSS 7.8 · AI score 5.7 · EPSS 0.00186
Exploits: 0 · References: 2

NVD
added 2023/09/06 6:15 p.m. · 12 views

CVE-2023-0925

Version 10.11 of webMethods OneData runs an embedded instance of Azul Zulu Java 11.0.15 which hosts a Java RMI registry listening on TCP port 2099 by default and two RMI interfaces listening on a single, dynamically assigned TCP high port. Port 2099 serves as a Java Remote Method Invocation RMI...

CVSS 9.8 · AI score 9.4 · EPSS 0.00649
Exploits: 0 · References: 1

Prion
added 2023/09/06 6:15 p.m. · 28 views

Code injection

Version 10.11 of webMethods OneData runs an embedded instance of Azul Zulu Java 11.0.15 which hosts a Java RMI registry listening on TCP port 2099 by default and two RMI interfaces listening on a single, dynamically assigned TCP high port. Port 2099 serves as a Java Remote Method Invocation RMI...

CVSS 7.5 · AI score 9.2 · EPSS 0.00649
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2023/09/06 5:27 p.m. · 21 views

CVE-2023-0925 Software AG webMethods OneData Deserialization Vulnerability

Version 10.11 of webMethods OneData runs an embedded instance of Azul Zulu Java 11.0.15 which hosts a Java RMI registry listening on TCP port 2099 by default and two RMI interfaces listening on a single, dynamically assigned TCP high port. Port 2099 serves as a Java Remote Method Invocation RMI...

AI score 9.6 · EPSS 0.00649
Exploits: 0 · References: 1

Positive Technologies
added 2023/09/06 12:0 a.m. · 3 views

PT-2023-16621 · Software Ag · Webmethods Onedata

Name of the Vulnerable Software and Affected Versions: webMethods OneData version 10.11 Description: The issue allows an unauthenticated attacker with network connectivity to the Java RMI registry and RMI interface ports to abuse the functionality and instruct the webMethods OneData application t...

CVSS 9.8 · AI score 9.2 · EPSS 0.00649
Exploits: 0 · References: 4

OSV
added 2023/07/25 3:15 p.m. · 0 views

UBUNTU-CVE-2023-37895

Java object deserialization issue in Jackrabbit webapp/standalone on all platforms allows attacker to remotely execute code via RMI. Versions up to (including) 2.20.10 (stable branch) and 2.21.17 (unstable branch) use the component "commons-beanutils", which contains a class that can be used for remote...

CVSS 9.8 · AI score 6.4 · EPSS 0.02657
Exploits: 0 · References: 7

Positive Technologies
added 2023/06/30 12:0 a.m. · 2 views

PT-2023-5558

Name of the Vulnerable Software and Affected Versions: Apache Jackrabbit versions 2.20.10 and earlier stable branch Apache Jackrabbit versions 2.21.17 and earlier unstable branch Description: A Java object deserialization issue in Apache Jackrabbit webapp/standalone on all platforms allows an...

CVSS 10 · AI score 10 · EPSS 0.02657
Exploits: 0 · References: 29

OSV
added 2023/05/22 1:15 a.m. · 2 views

CVE-2023-32336

IBM InfoSphere Information Server 11.7 is affected by a remote code execution vulnerability due to insecure deserialization in an RMI service. IBM X-Force ID: 255285...

CVSS 9.8 · AI score 6.5
Exploits: 0 · References: 2

OSV
added 2023/04/18 9:15 p.m. · 1 views

CVE-2023-29412

CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability exists that could cause remote code execution when manipulating internal methods through Java RMI interface...

CVSS 9.8 · AI score 7.8
Exploits: 0 · References: 1

SUSE CVE
added 2023/02/15 6:21 a.m. · 3 views

SUSE CVE-2003-0432

Ethereal 0.9.12 and earlier does not handle certain strings properly, with unknown consequences, in the (1) BGP, (2) WTP, (3) DNS, (4) 802.11, (5) ISAKMP, (6) WSP, (7) CLNP, (8) ISIS, and (9) RMI dissectors...

CVSS 10 · AI score 6.9 · EPSS 0.02261
Exploits: 0 · References: 3

SUSE CVE
added 2023/02/15 5:50 a.m. · 5 views

SUSE CVE-2011-3556

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.233 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to...

CVSS 7.5 · AI score 6.5 · EPSS 0.76245
Exploits: 4 · References: 9

SUSE CVE
added 2023/02/15 5:50 a.m. · 5 views

SUSE CVE-2011-3557

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.233 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to...

CVSS 6.8 · AI score 6.5 · EPSS 0.03477
Exploits: 1 · References: 11

SUSE CVE
added 2023/02/15 5:42 a.m. · 4 views

SUSE CVE-2013-0424

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.240 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vectors related to RMI. NOTE: the previous information...

CVSS 5 · AI score 8.2 · EPSS 0.04795
Exploits: 0 · References: 9

SUSE CVE
added 2023/02/15 5:40 a.m. · 5 views

SUSE CVE-2013-1557

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI...

CVSS 10 · AI score 6.4 · EPSS 0.06788
Exploits: 0 · References: 12

SUSE CVE
added 2023/02/15 5:23 a.m. · 2 views

SUSE CVE-2015-0225

The default configuration in Apache Cassandra 1.2.0 through 1.2.19, 2.0.0 through 2.0.13, and 2.1.0 through 2.1.3 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request...

CVSS 7.5 · AI score 9.8 · EPSS 0.06692
Exploits: 0 · References: 4

SUSE CVE
added 2023/02/15 5:20 a.m. · 4 views

SUSE CVE-2015-2342

The JMX RMI service in VMware vCenter Server 5.0 before u3e, 5.1 before u3b, 5.5 before u3, and 6.0 before u1 does not restrict registration of MBeans, which allows remote attackers to execute arbitrary code via the RMI protocol...

CVSS 10 · AI score 7.8 · EPSS 0.89048
Exploits: 2 · References: 3