CRITICAL🇬🇧 English

CVE-2016-5062

CVSS 9.8v3.0pub. 2016-09-29upd. 2026-05-06

The web server in Aternity before 9.0.1 does not require authentication for getMBeansFromURL loading of Java MBeans, which allows remote attackers to execute arbitrary Java code by registering MBeans.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Aternity

    APP
    Aternity
    ≤ 9.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2022-43997HIGH7.8ten sam produkt

Incorrect access control in Aternity agent in Riverbed Aternity before 12.1.4.27 allows for local privilege es...

CVE-2016-5061MEDIUM6.1ten sam produkt

Multiple cross-site scripting (XSS) vulnerabilities in the web server in Aternity before 9.0.1 allow remote at...