9 matches found
CVE-2022-23862
A Local Privilege Escalation issue was discovered in Y Soft SAFEQ 6 Build 53. The SafeQ JMX service running on port 9696 is vulnerable to JMX MLet attacks. Because the service did not enforce authentication and was running under the "NT Authority\System" user, an attacker is able to use the...
EUVD-2019-2973
Malware in sbrugna...
EUVD-2020-26577
Malware in sbrugna...
PT-2022-4604 · Apache · Apache Geode
Name of the Vulnerable Software and Affected Versions: Apache Geode versions up to 1.12.2 and 1.13.2. Description: The issue is related to the deserialization of untrusted data when using JMX over RMI on Java 11, which can allow a remote attacker to execute arbitrary code. This flaw affects the JM...
CVE-2019-11286
VMware GemFire versions prior to 9.10.0, 9.9.1, 9.8.5, and 9.7.5, and VMware Tanzu GemFire for VMs versions prior to 1.11.0, 1.10.1, 1.9.2, and 1.8.2, contain a JMX service available to the network which does not properly restrict input. A remote authenticated malicious user may request against t...
CVE-2020-5396
VMware GemFire versions prior to 9.10.0, 9.9.2, 9.8.7, and 9.7.6, and VMware Tanzu GemFire for VMs versions prior to 1.11.1 and 1.10.2, when deployed without a SecurityManager, contain a JMX service available which contains an insecure default configuration. This allows a malicious user to create...
Default configuration
VMware GemFire versions prior to 9.10.0, 9.9.2, 9.8.7, and 9.7.6, and VMware Tanzu GemFire for VMs versions prior to 1.11.1 and 1.10.2, when deployed without a SecurityManager, contain a JMX service available which contains an insecure default configuration. This allows a malicious user to create...
Remote code execution
VMware GemFire versions prior to 9.10.0, 9.9.1, 9.8.5, and 9.7.5, and VMware Tanzu GemFire for VMs versions prior to 1.11.0, 1.10.1, 1.9.2, and 1.8.2, contain a JMX service available to the network which does not properly restrict input. A remote authenticated malicious user may request against t...
JDA Connect CSRF / Command Execution / Exposed JMX Service
Introduction: Multiple critical vulnerabilities were identified in JDA Connect. The vulnerabilities were discovered during a black box security assessment and therefore the vulnerability list should not be considered exhaustive. Affected Software and Versions...