7.5

CVE-2009-4843

Exploit

EPSS 1.84%
Veröffentlicht 07.05.2010 18:24:15
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

ToutVirtual VirtualIQ Pro before 3.5 build 8691 does not require administrative authentication for JBoss console access, which allows remote attackers to execute arbitrary commands via requests to (1) the JMX Management Console or (2) the Web Console.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Toutvirtual ≫ Virtualiq Version3.5 Update- Editionpro

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.84%	0.824

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://secunia.com/advisories/37297

Vendor Advisory

http://www.securenetwork.it/ricerca/advisory/download/SN-2009-02.txt

Exploit

http://www.securityfocus.com/archive/1/507729/100/0/threaded

https://nvd.nist.gov/vuln/detail/CVE-2009-4843

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-4843

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-4843

EUVD