CRITICAL🇵🇱 Wersja polska

CVE-2016-5062

CVSS 9.8v3.0pub. 2016-09-29upd. 2026-05-06

The web server in Aternity before 9.0.1 does not require authentication for getMBeansFromURL loading of Java MBeans, which allows remote attackers to execute arbitrary Java code by registering MBeans.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Aternity

    APP
    Aternity
    ≤ 9.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2022-43997HIGH7.8ten sam produkt

Incorrect access control in Aternity agent in Riverbed Aternity before 12.1.4.27 allows for local privilege es...

CVE-2016-5061MEDIUM6.1ten sam produkt

Multiple cross-site scripting (XSS) vulnerabilities in the web server in Aternity before 9.0.1 allow remote at...