Lucene search
K

45 matches found

NVD
NVD
added 2020/07/31 8:15 p.m.16 views

CVE-2020-5396

VMware GemFire versions prior to 9.10.0, 9.9.2, 9.8.7, and 9.7.6, and VMware Tanzu GemFire for VMs versions prior to 1.11.1 and 1.10.2, when deployed without a SecurityManager, contain a JMX service available which contains an insecure default configuration. This allows a malicious user to create...

8.8CVSS9AI score0.01891EPSS
Exploits0References1
OSV
OSV
added 2020/07/31 8:15 p.m.3 views

CVE-2020-5396

VMware GemFire versions prior to 9.10.0, 9.9.2, 9.8.7, and 9.7.6, and VMware Tanzu GemFire for VMs versions prior to 1.11.1 and 1.10.2, when deployed without a SecurityManager, contain a JMX service available which contains an insecure default configuration. This allows a malicious user to create...

8.8CVSS7.6AI score0.01891EPSS
Exploits0References1
NVD
NVD
added 2020/07/31 8:15 p.m.16 views

CVE-2019-11286

VMware GemFire versions prior to 9.10.0, 9.9.1, 9.8.5, and 9.7.5, and VMware Tanzu GemFire for VMs versions prior to 1.11.0, 1.10.1, 1.9.2, and 1.8.2, contain a JMX service available to the network which does not properly restrict input. A remote authenticated malicious user may request against t...

9.1CVSS9.2AI score0.01786EPSS
Exploits0References1
OSV
OSV
added 2020/07/31 8:15 p.m.5 views

CVE-2019-11286

VMware GemFire versions prior to 9.10.0, 9.9.1, 9.8.5, and 9.7.5, and VMware Tanzu GemFire for VMs versions prior to 1.11.0, 1.10.1, 1.9.2, and 1.8.2, contain a JMX service available to the network which does not properly restrict input. A remote authenticated malicious user may request against t...

9.1CVSS7.6AI score0.01786EPSS
Exploits0References1
Prion
Prion
added 2020/07/31 8:15 p.m.14 views

Remote code execution

VMware GemFire versions prior to 9.10.0, 9.9.1, 9.8.5, and 9.7.5, and VMware Tanzu GemFire for VMs versions prior to 1.11.0, 1.10.1, 1.9.2, and 1.8.2, contain a JMX service available to the network which does not properly restrict input. A remote authenticated malicious user may request against t...

6.5CVSS9AI score0.01786EPSS
Exploits0References1Affected Software2
Prion
Prion
added 2020/07/31 8:15 p.m.11 views

Default configuration

VMware GemFire versions prior to 9.10.0, 9.9.2, 9.8.7, and 9.7.6, and VMware Tanzu GemFire for VMs versions prior to 1.11.1 and 1.10.2, when deployed without a SecurityManager, contain a JMX service available which contains an insecure default configuration. This allows a malicious user to create...

6.5CVSS8.9AI score0.01891EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2020/07/31 7:40 p.m.24 views

CVE-2019-11286 JMX Credential Deserialization in GemFire

VMware GemFire versions prior to 9.10.0, 9.9.1, 9.8.5, and 9.7.5, and VMware Tanzu GemFire for VMs versions prior to 1.11.0, 1.10.1, 1.9.2, and 1.8.2, contain a JMX service available to the network which does not properly restrict input. A remote authenticated malicious user may request against t...

9CVSS9.2AI score0.01786EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/07/31 7:40 p.m.23 views

CVE-2020-5396 JMX Insecure Default Configuration in GemFire

VMware GemFire versions prior to 9.10.0, 9.9.2, 9.8.7, and 9.7.6, and VMware Tanzu GemFire for VMs versions prior to 1.11.1 and 1.10.2, when deployed without a SecurityManager, contain a JMX service available which contains an insecure default configuration. This allows a malicious user to create...

9AI score0.01891EPSS
Exploits0References1
CVE
CVE
added 2020/07/31 7:40 p.m.42 views

CVE-2019-11286

The CVE-2019-11286 issue affects VMware GemFire products with a JMX service exposed to the network that does not properly restrict input. A remote authenticated attacker could exploit this via a crafted set of credentials, leading to remote code execution. Affected versions include GemFire prior ...

9.1CVSS9.2AI score0.01786EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2020/07/31 7:40 p.m.47 views

CVE-2020-5396

The CVE affects VMware GemFire up to versions 9.10.0, 9.9.2, 9.8.7, and 9.7.6, and VMware Tanzu GemFire for VMs up to 1.11.1 and 1.10.2. When deployed without a SecurityManager, a JMX service is exposed with an insecure default configuration. This enables a malicious user to create an MLet MBean,...

8.8CVSS9AI score0.01891EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2018/04/18 4:29 p.m.3 views

CVE-2016-8220

Pivotal Gemfire for PCF, versions 1.6.x prior to 1.6.5.0 and 1.7.x prior to 1.7.1.0, contain an information disclosure vulnerability. The application inadvertently exposed WAN replication credentials at a public route...

7.5CVSS5.8AI score0.0113EPSS
Exploits0References1
NVD
NVD
added 2018/04/18 4:29 p.m.16 views

CVE-2016-8220

Pivotal Gemfire for PCF, versions 1.6.x prior to 1.6.5.0 and 1.7.x prior to 1.7.1.0, contain an information disclosure vulnerability. The application inadvertently exposed WAN replication credentials at a public route...

7.5CVSS7.3AI score0.0113EPSS
Exploits0References1
Prion
Prion
added 2018/04/18 4:29 p.m.11 views

Information disclosure

Pivotal Gemfire for PCF, versions 1.6.x prior to 1.6.5.0 and 1.7.x prior to 1.7.1.0, contain an information disclosure vulnerability. The application inadvertently exposed WAN replication credentials at a public route...

5CVSS6.7AI score0.0113EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2018/04/18 4:0 p.m.22 views

CVE-2016-8220

Pivotal Gemfire for PCF, versions 1.6.x prior to 1.6.5.0 and 1.7.x prior to 1.7.1.0, contain an information disclosure vulnerability. The application inadvertently exposed WAN replication credentials at a public route...

7.3AI score0.0113EPSS
Exploits0References1
CVE
CVE
added 2018/04/18 4:0 p.m.37 views

CVE-2016-8220

CVE-2016-8220 affects Pivotal GemFire for PCF, specifically versions 1.6.x before 1.6.5.0 and 1.7.x before 1.7.1.0. The vulnerability is an information disclosure where WAN replication credentials are exposed via a public route. The available sources (NVD entry, CVE records) confirm the affected ...

7.5CVSS7.2AI score0.0113EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2018/03/16 8:29 p.m.15 views

Authentication flaw

The GemFire broker for Cloud Foundry 1.6.x before 1.6.5 and 1.7.x before 1.7.1 has multiple API endpoints which do not require authentication and could be used to gain access to the cluster managed by the broker...

7.5CVSS7.5AI score0.02165EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2018/03/16 8:29 p.m.3 views

CVE-2016-9880

The GemFire broker for Cloud Foundry 1.6.x before 1.6.5 and 1.7.x before 1.7.1 has multiple API endpoints which do not require authentication and could be used to gain access to the cluster managed by the broker...

9.8CVSS5.8AI score0.02165EPSS
Exploits0References2
NVD
NVD
added 2018/03/16 8:29 p.m.19 views

CVE-2016-9880

The GemFire broker for Cloud Foundry 1.6.x before 1.6.5 and 1.7.x before 1.7.1 has multiple API endpoints which do not require authentication and could be used to gain access to the cluster managed by the broker...

9.8CVSS9.8AI score0.02165EPSS
Exploits0References2
Cvelist
Cvelist
added 2018/03/16 8:0 p.m.12 views

CVE-2016-9880

The GemFire broker for Cloud Foundry 1.6.x before 1.6.5 and 1.7.x before 1.7.1 has multiple API endpoints which do not require authentication and could be used to gain access to the cluster managed by the broker...

9.8AI score0.02165EPSS
Exploits0References2
CVE
CVE
added 2018/03/16 8:0 p.m.32 views

CVE-2016-9880

CVE-2016-9880 affects the GemFire broker for Cloud Foundry 1.6.x prior to 1.6.5 and 1.7.x prior to 1.7.1. The issue is that multiple API endpoints do not require authentication, enabling access to the cluster managed by the broker. According to the CVE entry, this leads to potential unauthorized ...

9.8CVSS9.6AI score0.02165EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder