
11 matches found

RedhatCVE
added 2025/05/22 10:9 p.m. | 8 views

CVE-2022-29063

The Solr plugin of Apache OFBiz is configured by default to automatically make an RMI request on localhost, port 1099. In version 18.12.05 and earlier, by hosting a malicious RMI server on localhost, an attacker may exploit this behavior, at server start-up or on a server restart, in order to run...

CVSS 9.8 | AI score 7 | EPSS 0.20826
Exploits: 0 | References: 1

NVD
added 2022/09/02 7:15 a.m. | 15 views

CVE-2022-29063

The Solr plugin of Apache OFBiz is configured by default to automatically make an RMI request on localhost, port 1099. In version 18.12.05 and earlier, by hosting a malicious RMI server on localhost, an attacker may exploit this behavior, at server start-up or on a server restart, in order to run...

CVSS 9.8 | EPSS 0.20826
Exploits: 0 | References: 2

Prion
added 2022/09/02 7:15 a.m. | 19 views

Design/Logic Flaw

The Solr plugin of Apache OFBiz is configured by default to automatically make an RMI request on localhost, port 1099. In version 18.12.05 and earlier, by hosting a malicious RMI server on localhost, an attacker may exploit this behavior, at server start-up or on a server restart, in order to run...

CVSS 7.5 | AI score 9.4 | EPSS 0.20826
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2022/09/02 7:10 a.m. | 62 views

CVE-2022-29063

CVE-2022-29063 affects the Solr plugin in Apache OFBiz. By default it issues an RMI request to localhost:1099; versions 18.12.05 and earlier are vulnerable if an attacker runs a malicious RMI server on localhost, allowing arbitrary code execution at server start-up or on restart. A fix is availabl...

CVSS 9.8 | AI score 9.6 | EPSS 0.20826
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2022/05/14 2:49 a.m. | 19 views

GHSA-W7F2-GJXF-2GM9 Improper Neutralization of Special Elements used in a Command in Apache Cassandra

The default configuration in Apache Cassandra 1.2.0 through 1.2.19, 2.0.0 through 2.0.13, and 2.1.0 through 2.1.3 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request...

CVSS 7.5 | AI score 9.7 | EPSS 0.00667
Exploits: 0 | References: 4

Prion
added 2020/03/06 9:15 p.m. | 8 views

Deserialization of untrusted data

Dell Security Management Server versions prior to 10.2.10 contain a Java RMI Deserialization of Untrusted Data vulnerability. When the server is exposed to the internet and Windows Firewall is disabled, a remote unauthenticated attacker may exploit this vulnerability by sending a crafted RMI...

CVSS 9.3 | AI score 9.7 | EPSS 0.05044
Exploits: 0 | References: 1 | Affected Software: 1

CNVD
added 2019/11/27 12:0 a.m. | 1 view

Dell EMC Storage Monitoring and Reporting Code Issue Vulnerability

Dell EMC Storage Monitoring and Reporting is a set of storage performance monitoring software from Dell. The software provides storage performance monitoring and report generation. A code issue vulnerability exists in Dell EMC Storage Monitoring and Reporting version 4.3.1. A remote attacker...

CVSS 10 | AI score 7.8 | EPSS 0.1184
Exploits: 0 | References: 1

Cvelist
added 2018/07/25 3:0 p.m. | 13 views

CVE-2017-10934

All versions prior to V5.09.02.02T4 of the ZTE ZXIPTV-EPG product use the Java RMI service in which the servers use the Apache Commons Collections (ACC) library that may result in Java deserialization vulnerabilities. An unauthenticated remote attacker can exploit the vulnerabilities by sending a...

AI score 9.8 | EPSS 0.0709
Exploits: 0 | References: 1

Tenable Nessus
added 2017/05/02 12:0 a.m. | 125 views

Cisco Prime LAN Management Solution Java Object Deserialization RCE (CSCux34647)

The Cisco Prime LAN Management Solution (LMS) running on the remote web server is affected by a remote code execution vulnerability due to unsafe deserialize calls of unauthenticated Java objects to the Apache Commons Collections (ACC) library. An unauthenticated, remote attacker can exploit this, by...

CVSS 9.8 | AI score 8.5 | EPSS 0.212
Exploits: 1 | References: 3

Prion
added 2015/04/03 2:59 p.m. | 17 views

Default configuration

The default configuration in Apache Cassandra 1.2.0 through 1.2.19, 2.0.0 through 2.0.13, and 2.1.0 through 2.1.3 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request...

CVSS 7.5 | AI score 8.1 | EPSS 0.00667
Exploits: 0 | References: 6 | Affected Software: 1

Check Point Advisories
added 2011/11/01 12:0 a.m. | 1 view

Oracle Java RMI Services Default Configuration Remote Code Execution

A remote code execution vulnerability has been reported in Oracle Java RMI services. The vulnerability is due to insufficient validation of URLs when loading a remote Java object. A remote attacker may exploit this vulnerability by sending a malicious RMI request to the target server. Successful...

AI score 8.2
Exploits: 0