8.8

CVE-2020-5396

EPSS 1.6%
Veröffentlicht 31.07.2020 20:15:12
Zuletzt bearbeitet 21.11.2024 05:34:03
Quelle security@pivotal.io
CVE-Watchlists
Login
Unerledigt
Login

JMX Insecure Default Configuration in GemFire

VMware GemFire versions prior to 9.10.0, 9.9.2, 9.8.7, and 9.7.6, and VMware Tanzu GemFire for VMs versions prior to 1.11.1 and 1.10.2, when deployed without a SecurityManager, contain a JMX service available which contains an insecure default configuration. This allows a malicious user to create an MLet mbean leading to remote code execution.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

NVD 5 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

VMware ≫ Gemfire Version >= 9.7.0 < 9.7.6

VMware ≫ Gemfire Version >= 9.8.0 < 9.8.7

VMware ≫ Gemfire Version >= 9.9.0 < 9.9.2

VMware ≫ Tanzu Gemfire For Virtual Machines Version >= 1.10.0 < 1.10.2

VMware ≫ Tanzu Gemfire For Virtual Machines Version >= 1.11.0 < 1.11.1

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.6%	0.809

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://tanzu.vmware.com/security/cve-2020-5396

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-5396

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-5396

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-5396

EUVD