CVE-2019-7727
CVE-2019-7727 is a vulnerability of currently unknown severity. In NICE Engage through 6.5, the default configuration binds an unauthenticated JMX/RMI interface to all network interfaces, without restricting registration of MBeans, which allows remote attackers to execute arbitrary code via the RMI protocol by using the JMX connector. The observed affected TCP port is 6338 but, based on the product's configuration, a different one could be vulnerable. EPSS estimates a 3.79% chance of exploitation in the next 30 days.
Description
In NICE Engage through 6.5, the default configuration binds an unauthenticated JMX/RMI interface to all network interfaces, without restricting registration of MBeans, which allows remote attackers to execute arbitrary code via the RMI protocol by using the JMX connector. The observed affected TCP port is 6338 but, based on the product's configuration, a different one could be vulnerable.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Nice | Engage | <= 6.5 |
References
- http://seclists.org/fulldisclosure/2019/Apr/4 (Mailing List, Third Party Advisory)
- https://redtimmysec.wordpress.com/2019/03/26/jmx-rmi-multiple-applications-rce/ (Mitigation, Third Party Advisory)
- https://seclists.org/bugtraq/2019/Apr/2 (Mailing List, Third Party Advisory)
Source: NVD / NIST
