46 matches found
CVE-2016-5062
The web server in Aternity before 9.0.1 does not require authentication for getMBeansFromURL loading of Java MBeans, which allows remote attackers to execute arbitrary Java code by registering MBeans...
CVE-2016-5061
CVE-2016-5061 affects the Aternity webserver (pre-9.0.1). The issue is a cross-site scripting (XSS) vulnerability in the web UI pages (HTTPAgent, MacAgent, getExternalURL, retrieveTrustedUrl) that allows remote attackers to inject arbitrary script/HTML. The NVD entries classify it as CVSSv2/4.3 (...
CVE-2016-5061
Multiple cross-site scripting XSS vulnerabilities in the web server in Aternity before 9.0.1 allow remote attackers to inject arbitrary web script or HTML via the 1 HTTPAgent, 2 MacAgent, 3 getExternalURL, or 4 retrieveTrustedUrl page...
CVE-2016-5062
CVE-2016-5062 affects the Aternity web server prior to version 9.0.1, where getMBeansFromURL allows loading of Java MBeans without authentication. This enables a remote attacker to register attacker-controlled MBeans and execute arbitrary Java code on the server. Impact is remote code execution w...
Aternity Remote Code Execution Vulnerability
Aternity webserver is a web server from the American company Aternity. A remote code execution vulnerability exists in Aternity 9 and prior versions of the web server, which stems from the program failing to require authentication for getMBeansFromURL to download Java Mbeans. A remote attacker ca...
Aternity version 9 vulnerable to cross-site scripting and remote code execution
Overview The Aternity webserver, version 9 and prior, is reportedly vulnerable to cross-site scripting XSS on several web pages, and remote code execution via inclusion of untrusted functionality by default due to improper authentication before execution. Description CWE-80: Improper Neutralizati...