Описание
The web server in Aternity before 9.0.1 does not require authentication for getMBeansFromURL loading of Java MBeans, which allows remote attackers to execute arbitrary Java code by registering MBeans.
Ссылки
- Third Party AdvisoryUS Government Resource
- Third Party AdvisoryUS Government Resource
Уязвимые конфигурации
Конфигурация 1Версия до 9.0 (включая)
cpe:2.3:a:aternity:aternity:*:*:*:*:*:*:*:*
EPSS
Процентиль: 64%
0.00476
Низкий
9.8 Critical
CVSS3
9.3 Critical
CVSS2
Дефекты
CWE-669
Связанные уязвимости
CVSS3: 9.8
github
больше 3 лет назад
The web server in Aternity before 9.0.1 does not require authentication for getMBeansFromURL loading of Java MBeans, which allows remote attackers to execute arbitrary Java code by registering MBeans.
EPSS
Процентиль: 64%
0.00476
Низкий
9.8 Critical
CVSS3
9.3 Critical
CVSS2
Дефекты
CWE-669