CVE-2009-4843

Published May 7, 2010

Last updated 6 years ago

Overview

Description: ToutVirtual VirtualIQ Pro before 3.5 build 8691 does not require administrative authentication for JBoss console access, which allows remote attackers to execute arbitrary commands via requests to (1) the JMX Management Console or (2) the Web Console.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-287

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:toutvirtual:virtualiq:3.5:-:pro:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FAD9D8B2-EA53-47AF-8703-C9B8F2B2B9DC"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References