Lucene search

19 matches found

OSV
added 2024/10/22 4:15 p.m. · 1 view

CVE-2022-23862

A Local Privilege Escalation issue was discovered in Y Soft SAFEQ 6 Build 53. The SafeQ JMX service running on port 9696 is vulnerable to JMX MLet attacks. Because the service did not enforce authentication and was running under the "NT Authority\System" user, an attacker is able to use the...

CVSS 7.8 · AI score 6.1 · EPSS 0.01803
Exploits: 2 · References: 3
ATTACKERKB
added 2024/10/22 4:15 p.m. · 3 views

CVE-2022-23862

A Local Privilege Escalation issue was discovered in Y Soft SAFEQ 6 Build 53. The SafeQ JMX service running on port 9696 is vulnerable to JMX MLet attacks. Because the service did not enforce authentication and was running under the "NT Authority\System" user, an attacker is able to use the...

CVSS 8.4 · AI score 6.2 · EPSS 0.01803
Exploits: 2 · References: 4
NVD
added 2024/10/22 4:15 p.m. · 15 views

CVE-2022-23862

A Local Privilege Escalation issue was discovered in Y Soft SAFEQ 6 Build 53. The SafeQ JMX service running on port 9696 is vulnerable to JMX MLet attacks. Because the service did not enforce authentication and was running under the "NT Authority\System" user, an attacker is able to use the...

CVSS 8.4 · EPSS 0.01803
Exploits: 2 · References: 3
CNNVD
added 2024/10/22 12:0 a.m. · 1 view

YSoft SAFEQ Access Control Error Vulnerability

YSoft SAFEQ is an enterprise print management suite solution platform from the Czech company YSoft. A security vulnerability exists in YSoft SAFEQ that stems from SafeQ JMX not enforcing authentication, resulting in vulnerability to JMX MLet attacks...

CVSS 8.4 · AI score 6.8 · EPSS 0.01803
Exploits: 2 · References: 4
CVE
added 2024/10/22 12:0 a.m. · 46 views

CVE-2022-23862

CVE-2022-23862 affects Y Soft SAFEQ 6 Build 53. The SafeQ JMX service on port 9696 is vulnerable to JMX MLet attacks because authentication was not enforced and the service ran under NT AUTHORITY\System, enabling an attacker to execute arbitrary code and escalate to SYSTEM locally. Public PoC and...

CVSS 8.4 · AI score 8 · EPSS 0.01803
Exploits: 2 · References: 3 · Affected Software: 1
Vulnrichment
added 2024/10/22 12:0 a.m. · 21 views

CVE-2022-23862

A Local Privilege Escalation issue was discovered in Y Soft SAFEQ 6 Build 53. The SafeQ JMX service running on port 9696 is vulnerable to JMX MLet attacks. Because the service did not enforce authentication and was running under the "NT Authority\System" user, an attacker is able to use the...

AI score 8.3 · EPSS 0.01803
Exploits: 2 · References: 3
Cvelist
added 2024/10/22 12:0 a.m. · 18 views

CVE-2022-23862

A Local Privilege Escalation issue was discovered in Y Soft SAFEQ 6 Build 53. The SafeQ JMX service running on port 9696 is vulnerable to JMX MLet attacks. Because the service did not enforce authentication and was running under the "NT Authority\System" user, an attacker is able to use the...

EPSS 0.01803
Exploits: 2 · References: 3
Veracode
added 2024/04/23 6:54 a.m. · 19 views

Privilege Escalation

Ant Media Server is vulnerable to Privilege Escalation. The vulnerability is caused by running Java Management Extensions JMX with authentication disabled on localhost on port 5599. This allows unprivileged users to connect locally and leverage MLet Bean within JMX to load a remote MBean from an...

CVSS 7.8 · AI score 8.2 · EPSS 0.00081
Exploits: 0 · References: 2 · Affected Software: 1
NVD
added 2024/04/22 11:15 p.m. · 22 views

CVE-2024-32656

Ant Media Server is live streaming engine software. A local privilege escalation vulnerability is present in versions 2.6.0 through 2.8.2 allows any unprivileged operating system user account to escalate privileges to the root user account on the system. This vulnerability arises from Ant Media...

CVSS 7.8 · AI score 8.2 · EPSS 0.00081
Exploits: 0 · References: 2
Vulnrichment
added 2024/04/22 10:16 p.m. · 28 views

CVE-2024-32656 Ant Media Server vulnerable to local privilege escalation

Ant Media Server is live streaming engine software. A local privilege escalation vulnerability is present in versions 2.6.0 through 2.8.2 allows any unprivileged operating system user account to escalate privileges to the root user account on the system. This vulnerability arises from Ant Media...

CVSS 7.8 · AI score 8.2 · EPSS 0.00081
Exploits: 0 · References: 2
OSV
added 2022/02/10 11:4 p.m. · 2 views

GHSA-9JG9-6WM2-X7P5 Server-Side Request Forgery in Karaf

In Karaf, JMX authentication takes place using JAAS and authorization takes place using ACL files. By default, only an "admin" can actually invoke on an MBean. However there is a vulnerability there for someone who is not an admin, but has a "viewer" role. In the 'etc/jmx.acl.cfg', such as role c...

CVSS 6.3 · AI score 5.9 · EPSS 0.00514
Exploits: 0 · References: 3
OSV
added 2022/02/09 10:14 p.m. · 35 views

GHSA-WQFH-9M4G-7X6X Remote code execution in Apache ActiveMQ

A regression has been introduced in the commit preventing JMX re-bind. By passing an empty environment map to RMIConnectorServer, instead of the map that contains the authentication credentials, it leaves ActiveMQ open to the following attack - A remote client could create a...

CVSS 9.8 · AI score 9.7 · EPSS 0.06913
Exploits: 0 · References: 11
RedHat Linux
added 2020/12/16 12:11 p.m. · 2 views

karaf: A remote client could create MBeans from arbitrary URLs

In Karaf, JMX authentication takes place using JAAS and authorization takes place using ACL files. By default, only an "admin" can actually invoke on an MBean. However there is a vulnerability there for someone who is not an admin, but has a "viewer" role. In the 'etc/jmx.acl.cfg', such as role c...

CVSS 6.5 · AI score 5.9 · EPSS 0.00514
Exploits: 0 · References: 4
NVD
added 2020/10/05 4:15 p.m. · 9 views

CVE-2020-24231

Symmetric DS 3.12.0 uses mx4j to provide access to JMX over HTTP. mx4j, by default, has no auth and is available on all interfaces. An attacker can interact with JMX: get system info, and invoke MBean methods. It is possible to install additional MBeans from a remote host using MLet that leads to...

CVSS 9.8 · EPSS 0.01025
Exploits: 0 · References: 1
Prion
added 2020/10/05 4:15 p.m. · 12 views

Code injection

Symmetric DS 3.12.0 uses mx4j to provide access to JMX over HTTP. mx4j, by default, has no auth and is available on all interfaces. An attacker can interact with JMX: get system info, and invoke MBean methods. It is possible to install additional MBeans from a remote host using MLet that leads to...

CVSS 7.5 · AI score 9.6 · EPSS 0.01025
Exploits: 0 · References: 1 · Affected Software: 1
Positive Technologies
added 2020/09/10 12:0 a.m. · 1 view

PT-2020-5485 · Apache · Apache Activemq

Name of the Vulnerable Software and Affected Versions: Apache ActiveMQ versions prior to 5.15.13
Description: The issue is related to a regression introduced in a commit that prevents JMX re-bind, allowing a remote client to create a javax.management.loading.MLet MBean and use it to create new...

CVSS 10 · AI score 9.4 · EPSS 0.06913
Exploits: 0 · References: 22
OSV
added 2020/07/31 8:15 p.m. · 1 view

CVE-2020-5396

VMware GemFire versions prior to 9.10.0, 9.9.2, 9.8.7, and 9.7.6, and VMware Tanzu GemFire for VMs versions prior to 1.11.1 and 1.10.2, when deployed without a SecurityManager, contain a JMX service available which contains an insecure default configuration. This allows a malicious user to create...

CVSS 8.8 · AI score 7.6 · EPSS 0.01602
Exploits: 0 · References: 1
Cvelist
added 2020/07/31 7:40 p.m. · 13 views

CVE-2020-5396 JMX Insecure Default Configuration in GemFire

VMware GemFire versions prior to 9.10.0, 9.9.2, 9.8.7, and 9.7.6, and VMware Tanzu GemFire for VMs versions prior to 1.11.1 and 1.10.2, when deployed without a SecurityManager, contain a JMX service available which contains an insecure default configuration. This allows a malicious user to create...

AI score 9 · EPSS 0.01602
Exploits: 0 · References: 1
0day.today
added 2015/02/17 12:0 a.m. · 33 views

Java JMX Server Insecure Configuration Java Code Execution Exploit

This Metasploit module takes advantage of a Java JMX interface insecure configuration, which would allow loading classes from any remote HTTP URL. JMX interfaces with authentication disabled (com.sun.management.jmxremote.authenticate=false) should be vulnerable, while interfaces with authentication...

AI score 7.2
Exploits: 0