exploitDog

CVE-2020-24231

Published: 05 Oct 2020
Source: nvd
CVSS3: 9.8
CVSS2: 7.5
EPSS: Low

Description

Symmetric DS <3.12.0 uses mx4j to provide access to JMX over HTTP. mx4j, by default, has no auth and is available on all interfaces. An attacker can interact with JMX: get system info, and invoke MBean methods. It is possible to install additional MBeans from a remote host using MLet that leads to arbitrary code execution.

Vulnerable configurations

Configuration 1
cpe:2.3:a:jumpmind:symmetricds:*:*:*:*:*:*:*:*
Versions before 3.12.0 (exclusive)

EPSS

Percentile: 77%
0.01025
Low

9.8 Critical

CVSS3

7.5 High

CVSS2

Weaknesses

NVD-CWE-noinfo

Related vulnerabilities

github
more than 3 years ago

Symmetric DS <3.12.0 uses mx4j to provide access to JMX over HTTP. mx4j, by default, has no auth and is available on all interfaces. An attacker can interact with JMX: get system info, and invoke MBean methods. It is possible to install additional MBeans from a remote host using MLet that leads to arbitrary code execution.

EPSS

Percentile: 77%
0.01025
Low

9.8 Critical

CVSS3

7.5 High

CVSS2

Weaknesses

NVD-CWE-noinfo