CVE-2010-1454
Last modified
CVE-2010-1454 is a vulnerability of currently unknown severity. com.springsource.tcserver.serviceability.rmi.JmxSocketListener in VMware SpringSource tc Server Runtime 6.0.19 and 6.0.20 before 6.0.20.D, and 6.0.25.A before 6.0.25.A-SR01, does not properly enforce the requirement for an encrypted (aka s2enc) password, which allows remote attackers to obtain JMX interface access via a blank password.. EPSS estimates a 1.78% chance of exploitation in the next 30 days.
Description
com.springsource.tcserver.serviceability.rmi.JmxSocketListener in VMware SpringSource tc Server Runtime 6.0.19 and 6.0.20 before 6.0.20.D, and 6.0.25.A before 6.0.25.A-SR01, does not properly enforce the requirement for an encrypted (aka s2enc) password, which allows remote attackers to obtain JMX interface access via a blank password.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Vmware | Tc Server | 6.0.19 |
| Vmware | Tc Server | 6.0.19.a |
| Vmware | Tc Server | 6.0.20 |
| Vmware | Tc Server | 6.0.20.a |
| Vmware | Tc Server | 6.0.20.b |
| Vmware | Tc Server | 6.0.20.c |
| Vmware | Tc Server | 6.0.25.a |
References
- http://secunia.com/advisories/39778Vendor Advisory
- http://www.springsource.com/security/cve-2010-1454Vendor Advisory
- http://secunia.com/advisories/39778Vendor Advisory
- http://www.springsource.com/security/cve-2010-1454Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2010-1454?
How severe is CVE-2010-1454?
How do I fix CVE-2010-1454?
Are you affected by CVE-2010-1454?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST