CVE-2020-5396

The CVE affects VMware GemFire up to versions 9.10.0, 9.9.2, 9.8.7, and 9.7.6, and VMware Tanzu GemFire for VMs up to 1.11.1 and 1.10.2. When deployed without a SecurityManager, a JMX service is exposed with an insecure default configuration. This enables a malicious user to create an MLet MBean,...

CVE-2019-11286

The CVE-2019-11286 issue affects VMware GemFire products with a JMX service exposed to the network that does not properly restrict input. A remote authenticated attacker could exploit this via a crafted set of credentials, leading to remote code execution. Affected versions include GemFire prior ...