16 matches found
EUVD-2011-0547
Malware in sbrugna...
EUVD-2022-0940
Malicious code in bioql PyPI...
Apache Cassandra: unrestricted deserialization of JMX authentication credentials
In Apache Cassandra it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface. The attacker can then use these...
CVE-2024-27137 Apache Cassandra: unrestricted deserialization of JMX authentication credentials
In Apache Cassandra it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface. The attacker can then use these...
CVE-2024-27137 Apache Cassandra: unrestricted deserialization of JMX authentication credentials
In Apache Cassandra it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface. The attacker can then use these...
CVE-2020-11980
In Karaf, JMX authentication takes place using JAAS and authorization takes place using ACL files. By default, only an "admin" can actually invoke on an MBean. However there is a vulnerability there for someone who is not an admin, but has a "viewer" role. In the 'etc/jmx.acl.cfg', such as role c...
Privilege escalation
In Karaf, JMX authentication takes place using JAAS and authorization takes place using ACL files. By default, only an "admin" can actually invoke on an MBean. However there is a vulnerability there for someone who is not an admin, but has a "viewer" role. In the 'etc/jmx.acl.cfg', such as role c...
CVE-2020-11980
In Karaf, JMX authentication takes place using JAAS and authorization takes place using ACL files. By default, only an "admin" can actually invoke on an MBean. However there is a vulnerability there for someone who is not an admin, but has a "viewer" role. In the 'etc/jmx.acl.cfg', such as role c...
RHEL 5 : JBoss EAP (RHSA-2013:0192)
Updated JBoss Enterprise Application Platform 5.2.0 packages that fix multiple security issues, various bugs, and add several enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common...
VMware vFabric tc Server 2.x JMX Authentication Security Bypass Vulnerability
VMware vFabric tc Server is prone to a security bypass vulnerability. Copyright (C) 2011 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...
VMware vFabric tc Server JMX Authentication Security Bypass Vulnerability
The host is running VMware vFabric tc Server and is prone to a security bypass vulnerability. OpenVAS Vulnerability Test $Id: secpodvmwarevfabrictcserversecuritybypassvuln.nasl 7052 2017-09-04 11:50:51Z teissa $ VMware vFabric tc Server JMX Authentication Security Bypass Vulnerability Authors: Soor...
CVE-2011-0527: VMware vFabric tc Server password obfuscation bypass
Severity: Important. Versions Affected: 2.0.0.RELEASE to 2.0.5.SR01; 2.1.0.RELEASE to 2.1.1.SR01. Description: tc Server allows users to store the passwords used for JMX authentication in an obfuscated form for organizations where storing passwords in plain text is not permitted. The JMX...
CVE-2011-0527
VMware vFabric tc Server aka SpringSource tc Server 2.0.x before 2.0.6.RELEASE and 2.1.x before 2.1.2.RELEASE accepts obfuscated passwords during JMX authentication, which makes it easier for context-dependent attackers to obtain access by leveraging an ability to read stored passwords...
Design/Logic Flaw
VMware vFabric tc Server aka SpringSource tc Server 2.0.x before 2.0.6.RELEASE and 2.1.x before 2.1.2.RELEASE accepts obfuscated passwords during JMX authentication, which makes it easier for context-dependent attackers to obtain access by leveraging an ability to read stored passwords...
CVE-2011-0527
VMware vFabric tc Server aka SpringSource tc Server 2.0.x before 2.0.6.RELEASE and 2.1.x before 2.1.2.RELEASE accepts obfuscated passwords during JMX authentication, which makes it easier for context-dependent attackers to obtain access by leveraging an ability to read stored passwords...
CVE-2011-0527
This CVE affects VMware vFabric tc Server (SpringSource tc Server) 2.0.x before 2.0.6.RELEASE and 2.1.x before 2.1.2.RELEASE. The JMX authentication password handling allows use of both plain text and obfuscated passwords, enabling context-dependent attackers with read access to stored passwords ...