CVE-2010-1454

Published May 19, 2010

Last updated 6 years ago

CVSS info 6.8

Overview

Description: com.springsource.tcserver.serviceability.rmi.JmxSocketListener in VMware SpringSource tc Server Runtime 6.0.19 and 6.0.20 before 6.0.20.D, and 6.0.25.A before 6.0.25.A-SR01, does not properly enforce the requirement for an encrypted (aka s2enc) password, which allows remote attackers to obtain JMX interface access via a blank password.
Source: secalert@redhat.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-287

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:vmware:tc_server:6.0.19:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "49E53950-C2E3-470D-9DF7-8151CC0FCE50"
          },
          {
            "criteria": "cpe:2.3:a:vmware:tc_server:6.0.19.a:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C127F47B-658A-4A0E-85DE-6E828D04C0CA"
          },
          {
            "criteria": "cpe:2.3:a:vmware:tc_server:6.0.20:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0AE88E31-F854-4498-8CCD-88285DDD819E"
          },
          {
            "criteria": "cpe:2.3:a:vmware:tc_server:6.0.20.a:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9C1D8357-4CA8-416A-A983-BFBB03A701DB"
          },
          {
            "criteria": "cpe:2.3:a:vmware:tc_server:6.0.20.b:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "779E0DFF-064A-4596-BE17-B9C5452CE64C"
          },
          {
            "criteria": "cpe:2.3:a:vmware:tc_server:6.0.20.c:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4EF40DFF-3C63-41A6-ADD3-16465C785808"
          },
          {
            "criteria": "cpe:2.3:a:vmware:tc_server:6.0.25.a:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E0232016-28BA-4161-8B44-A07AA8E6DD0B"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References