PT-2020-9185 · Vmware · Vmware Gemfire+1

An Trinh · Published 2020-07-31 · Updated 2020-08-11 · CVE-2019-11286

CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

VMware GemFire versions prior to 9.10.0
VMware GemFire versions 9.9.1 and earlier
VMware GemFire versions 9.8.5 and earlier
VMware GemFire versions 9.7.5 and earlier
VMware Tanzu GemFire for VMs versions prior to 1.11.0
VMware Tanzu GemFire for VMs versions 1.10.1 and earlier
VMware Tanzu GemFire for VMs versions 1.9.2 and earlier
VMware Tanzu GemFire for VMs versions 1.8.2 and earlier
Description

The JMX service in the affected software is exposed to the network and does not properly restrict input. A remote authenticated malicious user may send requests to the service with a crafted set of credentials, leading to remote code execution.
Recommendations

For VMware GemFire versions prior to 9.10.0, update to version 9.10.0 or later.
For VMware GemFire versions 9.9.1 and earlier, update to version 9.9.1 or later, but since 9.10.0 is available, update to 9.10.0 or later.
For VMware GemFire versions 9.8.5 and earlier, update to version 9.8.5 or later, but since 9.10.0 is available, update to 9.10.0 or later.
For VMware GemFire versions 9.7.5 and earlier, update to version 9.7.5 or later, but since 9.10.0 is available, update to 9.10.0 or later.
For VMware Tanzu GemFire for VMs versions prior to 1.11.0, update to version 1.11.0 or later.
For VMware Tanzu GemFire for VMs versions 1.10.1 and earlier, update to version 1.10.1 or later, but since 1.11.0 is available, update to 1.11.0 or later.
For VMware Tanzu GemFire for VMs versions 1.9.2 and earlier, update to version 1.9.2 or later, but since 1.11.0 is available, update to 1.11.0 or later.
For VMware Tanzu GemFire for VMs versions 1.8.2 and earlier, update to version 1.8.2 or later, but since 1.11.0 is available, update to 1.11.0 or later.

As a temporary workaround, consider restricting access to the JMX service to minimize the risk of exploitation.

Fix

Weakness Enumeration

Deserialization of Untrusted Data

Related Identifiers

CVE-2019-11286

Affected Products

Vmware Gemfire
Vmware Tanzu Gemfire For Vms