A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow changes to administrative credentials, leading to potential remote code execution without requiring prior authentication on the Java RMI interface.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HMicrosoft Windows 10
OSMicrosoftwszystkie wersjeMicrosoft Windows 11
OSMicrosoftwszystkie wersjeMicrosoft Windows Server 2016
OSMicrosoftwszystkie wersjeMicrosoft Windows Server 2019
OSMicrosoftwszystkie wersjeMicrosoft Windows Server 2022
OSMicrosoftwszystkie wersjeSchneider Electric Apc Easy Ups Online Monitoring Software
APPSchneider-Electric≤ 2.5-ga-01-22320Schneider Electric Easy Ups Online Monitoring Software
APPSchneider-Electric≤ 2.5-gs-01-22320
Related vulnerabilities
RCE w Windows Server Update Service (WSUS) — deserializacja danych
A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly ...
A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly val...
A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properl...
Microsoft Windows XP SP3, Windows XP x64 XP2, Windows Server 2003 SP2, Windows Vista, Windows 7 SP1, Windows S...