9.1
CVE-2019-11286
- EPSS 2.73%
- Veröffentlicht 31.07.2020 20:15:12
- Zuletzt bearbeitet 21.11.2024 04:20:51
- Quelle security@pivotal.io
- Teams Watchlist Login
- Unerledigt Login
VMware GemFire versions prior to 9.10.0, 9.9.1, 9.8.5, and 9.7.5, and VMware Tanzu GemFire for VMs versions prior to 1.11.0, 1.10.1, 1.9.2, and 1.8.2, contain a JMX service available to the network which does not properly restrict input. A remote authenticated malicious user may request against the service with a crafted set of credentials leading to remote code execution.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
VMware ≫ Tanzu Gemfire For Virtual Machines Version >= 1.8.0 < 1.8.2
VMware ≫ Tanzu Gemfire For Virtual Machines Version >= 1.9.0 < 1.9.2
VMware ≫ Tanzu Gemfire For Virtual Machines Version >= 1.10.0 < 1.10.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.73% | 0.854 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.1 | 2.3 | 6 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
|
| nvd@nist.gov | 6.5 | 8 | 6.4 |
AV:N/AC:L/Au:S/C:P/I:P/A:P
|
| security@pivotal.io | 9 | 2.3 | 6 |
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:H
|
CWE-502 Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.