PT-2010-3133 · Vmware · Vmware Springsource Tc Server Runtime

Published: 2010-05-19 · Updated: 2018-10-10 · CVE-2010-1454

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

VMware SpringSource tc Server Runtime versions 6.0.19 through 6.0.20 before 6.0.20.D

VMware SpringSource tc Server Runtime version 6.0.25.A before 6.0.25.A-SR01

Description

The issue is related to the com.springsource.tcserver.serviceability.rmi.JmxSocketListener component, which does not properly enforce the requirement for an encrypted password. This allows remote attackers to obtain JMX interface access via a blank password.

Recommendations

For versions 6.0.19 through 6.0.20 before 6.0.20.D, update to version 6.0.20.D or later.

For version 6.0.25.A before 6.0.25.A-SR01, update to version 6.0.25.A-SR01 or later.

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2010-1454

Affected Products

Vmware Springsource Tc Server Runtime