10

CVE-2015-2342

The JMX RMI service in VMware vCenter Server 5.0 before u3e, 5.1 before u3b, 5.5 before u3, and 6.0 before u1 does not restrict registration of MBeans, which allows remote attackers to execute arbitrary code via the RMI protocol.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
VMwarevCenter Server Version5.0
VMwarevCenter Server Version5.1
VMwarevCenter Server Version5.5
VMwarevCenter Server Version6.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 89.05% 0.998
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.securitytracker.com/id/1033720
http://www.vmware.com/security/advisories/VMSA-2015-0007.html
Patch
Vendor Advisory
http://seclists.org/fulldisclosure/2015/Oct/1
http://www.securityfocus.com/bid/76930
http://www.zerodayinitiative.com/advisories/ZDI-15-455
https://www.7elements.co.uk/resources/technical-advisories/cve-2015-2342-vmware-vcenter-remote-code-execution/