PT-2015-5622 · Red Hat+1 · JBoss+2
Published 2015-04-22 · Updated 2016-12-03 · CVE-2015-2117
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
HP TippingPoint Security Management System (SMS) and TippingPoint Virtual Security Management System (vSMS) versions prior to 4.1 patch 3
HP TippingPoint Security Management System (SMS) and TippingPoint Virtual Security Management System (vSMS) versions 4.2 before patch 1
Description
The affected products do not require authentication for JBoss RMI requests, which allows remote attackers to execute arbitrary code. This can be achieved by either uploading the code within an archive or instantiating a class.
Recommendations
For HP TippingPoint Security Management System (SMS) and TippingPoint Virtual Security Management System (vSMS) versions prior to 4.1 patch 3, apply patch 3 to resolve the issue.
For HP TippingPoint Security Management System (SMS) and TippingPoint Virtual Security Management System (vSMS) versions 4.2 before patch 1, apply patch 1 to resolve the issue.
Weakness Enumeration
Improper Authentication
Affected Products
HP TippingPoint Security Management System
JBoss
TippingPoint Virtual Security Management System