CVE-2010-1454
Published May 19, 2010
Last updated 6 years ago
Overview
- Description
- com.springsource.tcserver.serviceability.rmi.JmxSocketListener in VMware SpringSource tc Server Runtime 6.0.19 and 6.0.20 before 6.0.20.D, and 6.0.25.A before 6.0.25.A-SR01, does not properly enforce the requirement for an encrypted (aka s2enc) password, which allows remote attackers to obtain JMX interface access via a blank password.
- Source
- secalert@redhat.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6.8
- Impact score
- 6.4
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-287
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:tc_server:6.0.19:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "49E53950-C2E3-470D-9DF7-8151CC0FCE50"
},
{
"criteria": "cpe:2.3:a:vmware:tc_server:6.0.19.a:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C127F47B-658A-4A0E-85DE-6E828D04C0CA"
},
{
"criteria": "cpe:2.3:a:vmware:tc_server:6.0.20:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0AE88E31-F854-4498-8CCD-88285DDD819E"
},
{
"criteria": "cpe:2.3:a:vmware:tc_server:6.0.20.a:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9C1D8357-4CA8-416A-A983-BFBB03A701DB"
},
{
"criteria": "cpe:2.3:a:vmware:tc_server:6.0.20.b:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "779E0DFF-064A-4596-BE17-B9C5452CE64C"
},
{
"criteria": "cpe:2.3:a:vmware:tc_server:6.0.20.c:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4EF40DFF-3C63-41A6-ADD3-16465C785808"
},
{
"criteria": "cpe:2.3:a:vmware:tc_server:6.0.25.a:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E0232016-28BA-4161-8B44-A07AA8E6DD0B"
}
],
"operator": "OR"
}
]
}
]