Lucene search
Veracode Vulnerability DatabaseVERACODE:28633HistoryDec 18, 2020 - 6:47 a.m.
Missing Authentication Due To Incorrect Configuration
2020-12-1806:47:12
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10
0.04 Low
EPSS
Percentile
92.1%
Apache Tomee openejb-core has missing authentication. The vulnerability exists due to an incomplete fix of CVE-2020-11969 where when embedded ActiveMQ broker with URI setting useJMX=true is used, it causes JMX port to open on TCP port 1099, which does not include authentication.
| CPE | Name | Operator | Version |
|---|---|---|---|
| tomee :: container :: core | le | 8.0.3 | |
| tomee :: container :: core | le | 7.0.8 | |
| tomee :: container :: core | le | 7.1.3 |
References
lists.apache.org/thread.html/r7f98907165b355dc65f28a57f15103a06173ce03261115fa46d569b4@%3Cdev.tomee.apache.org%3E
lists.apache.org/thread.html/r85b87478f8aa4751aa3a06e88622e80ffabae376ee7283e147ee56b9@%3Cdev.tomee.apache.org%3E
lists.apache.org/thread.html/ref088c4732e1a8dd0bbbb96e13ffafcfe65f984238ffa55f438d78fe%40%3Cdev.tomee.apache.org%3E
Related
osv
osv
Remote code execution in Apache TomEE
2022-02-09 22:44:38
CVE-2020-13931
2020-12-18 00:15:00
CVE-2020-11969
2020-06-15 20:15:11
prion
prion
Input validation
2020-12-18 00:15:00
Authentication flaw
2020-06-15 20:15:00
nvd
nvd
CVE-2020-13931
2020-12-18 00:15:14
CVE-2020-11969
2020-06-15 20:15:11
cve
cve
CVE-2020-13931
2020-12-18 00:15:14
CVE-2020-11969
2020-06-15 20:15:11
openvas
openvas
Apache TomEE JMX Vulnerability (CVE-2020-13931)
2020-12-21 00:00:00
github
github
Remote code execution in Apache TomEE
2022-02-09 22:44:38
Missing Authentication for Critical Function in Apache TomEE
2022-02-10 23:07:37
cvelist
cvelist
CVE-2020-13931
2020-12-17 23:42:39
CVE-2020-11969
2020-06-15 19:03:49
veracode
veracode
Missing Authentication
2020-06-16 04:41:09