513 matches found

RedHat Linux
added 2019/04/22 4:10 p.m. | 2 views

OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: RMI. Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

CVSS: 5.9 | AI score: 7.2 | EPSS: 0.01264
Exploits: 0 | References: 4

CNVD
added 2019/04/18 12:0 a.m. | 2 views

Oracle Java SE and Java SE Embedded Access Control Error Vulnerability (CNVD-2019-26758)

Oracle Java SE and Oracle Java SE Embedded are both products of Oracle Corporation. Oracle Java SE is a Java platform for developing and deploying Java applications for desktops, servers, and embedded devices and real-time environments. Oracle Java SE Embedded is a Java platform that targets Java...

CVSS: 7.5 | AI score: 8.3 | EPSS: 0.00233
Exploits: 0 | References: 1

CNVD
added 2019/04/18 12:0 a.m. | 2 views

Oracle Java SE and Java SE Embedded Access Control Error Vulnerability (CNVD-2019-26750)

Oracle Java SE and Oracle Java SE Embedded are both products of Oracle Corporation. Oracle Java SE is a Java platform for developing and deploying Java applications for desktops, servers, and embedded devices and real-time environments. Oracle Java SE Embedded is a Java platform that targets Java...

CVSS: 5.9 | AI score: 8.3 | EPSS: 0.01264
Exploits: 0 | References: 1

RedHat Linux
added 2019/04/17 4:17 p.m. | 2 views

OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: RMI. Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

CVSS: 5.9 | AI score: 7.2 | EPSS: 0.01264
Exploits: 0 | References: 4

OSV
added 2019/03/07 9:29 p.m. | 1 views

UBUNTU-CVE-2019-0192

In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows to configure the JMX server via an HTTP POST request. By pointing it to a malicious RMI server, an attacker could take advantage of Solr's unsafe deserialization to trigger remote code execution on the Solr side...

CVSS: 9.8 | AI score: 7.9 | EPSS: 0.93545
Exploits: 1 | References: 3

OSV
added 2019/03/06 5:29 p.m. | 0 views

DEBIAN-CVE-2019-0187

Unauthenticated RCE is possible when JMeter is used in distributed mode -r or -R command line options. Attacker can establish an RMI connection to a jmeter-server using RemoteJMeterEngine and proceed with an attack using untrusted data deserialization. This only affects tests running in Distributed...

CVSS: 9.8 | AI score: 6.9 | EPSS: 0.00635
Exploits: 0 | References: 1

OSV
added 2018/11/08 4:29 p.m. | 2 views

CVE-2018-15381

A Java deserialization vulnerability in Cisco Unity Express CUE could allow an unauthenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An...

CVSS: 9.8 | AI score: 6.1 | EPSS: 0.22249
Exploits: 0 | References: 3

CNVD
added 2018/10/17 12:0 a.m. | 4 views

Oracle WebLogic Server Remote Code Execution Vulnerability (CNVD-2015-07707)

WebLogic is an application server produced by Oracle, a middleware based on the JAVAEE architecture. WebLogic is a Java application server used to develop, integrate, deploy and manage large-scale distributed Web applications, network applications and database applications. A remote cod...

CVSS: 9.8 | AI score: 9.5 | EPSS: 0.91078
Exploits: 3 | References: 1

OSV
added 2018/09/28 5:29 p.m. | 2 views

CVE-2018-5393

The TP-LINK EAP Controller is TP-LINK's software for remotely controlling wireless access point devices. It utilizes a Java remote method invocation RMI service for remote control. The RMI interface does not require any authentication before use, so it lacks user authentication for RMI service...

CVSS: 9.8 | AI score: 5.9
Exploits: 0 | References: 2

OSV
added 2018/06/11 5:29 p.m. | 2 views

CVE-2017-3199

The Java implementation of GraniteDS, version 3.1.1.GA, AMF3 deserializers derives class instances from java.io.Externalizable rather than the AMF3 specification's recommendation of flash.utils.IExternalizable. A remote attacker with the ability to spoof or control an RMI server connection may be...

CVSS: 8.1 | AI score: 6 | EPSS: 0.13846
Exploits: 2 | References: 4

Prion
added 2018/06/07 12:29 p.m. | 17 views

Design/Logic Flaw

A vulnerability in Cisco Prime Collaboration Provisioning PCP could allow an unauthenticated, remote attacker to access the Java Remote Method Invocation RMI system. The vulnerability is due to an open port in the Network Interface and Configuration Engine NICE service. An attacker could exploit...

CVSS: 7.5 | AI score: 9.4 | EPSS: 0.026
Exploits: 0 | References: 3 | Affected Software: 3

Cisco
added 2018/06/06 4:0 p.m. | 39 views

Cisco Prime Collaboration Provisioning Unauthenticated Remote Method Invocation Vulnerability

A vulnerability in Cisco Prime Collaboration Provisioning PCP could allow an unauthenticated, remote attacker to access the Java Remote Method Invocation RMI system. The vulnerability is due to an open port in the Network Interface and Configuration Engine NICE service. An attacker could exploit...

CVSS: 9.8 | AI score: 2 | EPSS: 0.026
Exploits: 0 | References: 1

CNVD
added 2018/06/06 12:0 a.m. | 3 views

GE MDS PulseNET and MDS PulseNET Enterprise Remote Code Execution Vulnerability

GE MDS PulseNET and MDS PulseNET Enterprise are both products of General Electric GE, U.S.A. GE MDS PulseNET is a suite of network management software designed for radio communication systems. An authorization issue vulnerability exists in the Java Remote Method Invocation RMI input port in GE MD...

CVSS: 9.8 | AI score: 7.5 | EPSS: 0.0546
Exploits: 0 | References: 1

NVD
added 2018/06/04 2:29 p.m. | 9 views

CVE-2018-10611

Java remote method invocation RMI input port in GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior may be exploited to allow unauthenticated users to launch applications and support remote code execution through web services...

CVSS: 9.8 | AI score: 9.9 | EPSS: 0.0546
Exploits: 0 | References: 3

Cvelist
added 2018/06/04 2:0 p.m. | 8 views

CVE-2018-10611

Java remote method invocation RMI input port in GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior may be exploited to allow unauthenticated users to launch applications and support remote code execution through web services...

AI score: 9.8 | EPSS: 0.0546
Exploits: 0 | References: 3

OSV
added 2018/05/24 2:29 p.m. | 2 views

CVE-2018-5487

NetApp OnCommand Unified Manager for Linux versions 7.2 through 7.3 ship with the Java Management Extension Remote Method Invocation JMX RMI service bound to the network, and are susceptible to unauthenticated remote code execution...

CVSS: 9.8 | AI score: 6.1 | EPSS: 0.02362
Exploits: 0 | References: 1

CNVD
added 2018/05/24 12:0 a.m. | 2 views

Deserialization vulnerability in TP-Link EAP Controller for linux

TP-Link EAP Controller is a software for remote control of wireless AP access point devices from China P&L TP-LINK. A deserialization vulnerability exists in TP-Link EAP Controller for linux. A remote attacker can implement a deserialization attack via the RMI protocol, and a successful attack ca...

AI score: 7.2
Exploits: 0

RedHat Linux
added 2018/05/02 10:13 p.m. | 3 views

OpenJDK: RMI HTTP transport enabled by default (RMI, 8193833)

Vulnerability in the Java SE, JRockit component of Oracle Java SE subcomponent: RMI. Supported versions that are affected are Java SE: 6u181, 7u171 and 8u162; JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to...

CVSS: 4.2 | AI score: 7.3 | EPSS: 0.00242
Exploits: 0 | References: 4

RedHat Linux
added 2018/04/23 10:56 p.m. | 4 views

OpenJDK: RMI HTTP transport enabled by default (RMI, 8193833)

Vulnerability in the Java SE, JRockit component of Oracle Java SE subcomponent: RMI. Supported versions that are affected are Java SE: 6u181, 7u171 and 8u162; JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to...

CVSS: 4.2 | AI score: 7.3 | EPSS: 0.00242
Exploits: 0 | References: 4

RedHat Linux
added 2018/04/23 10:53 p.m. | 3 views

OpenJDK: RMI HTTP transport enabled by default (RMI, 8193833)

Vulnerability in the Java SE, JRockit component of Oracle Java SE subcomponent: RMI. Supported versions that are affected are Java SE: 6u181, 7u171 and 8u162; JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to...

CVSS: 4.2 | AI score: 7.3 | EPSS: 0.00242
Exploits: 0 | References: 4