CVE-2010-1454 - Vulnerability Details - OpenCVE

com.springsource.tcserver.serviceability.rmi.JmxSocketListener in VMware SpringSource tc Server Runtime 6.0.19 and 6.0.20 before 6.0.20.D, and 6.0.25.A before 6.0.25.A-SR01, does not properly enforce the requirement for an encrypted (aka s2enc) password, which allows remote attackers to obtain JMX interface access via a blank password.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Vmware	Tc Server

Configuration 1 [-]

OR	cpe:2.3:a:vmware:tc_server:6.0.19:::::::*
	cpe:2.3:a:vmware:tc_server:6.0.19.a:::::::*
	cpe:2.3:a:vmware:tc_server:6.0.20:::::::*
	cpe:2.3:a:vmware:tc_server:6.0.20.a:::::::*
	cpe:2.3:a:vmware:tc_server:6.0.20.b:::::::*
	cpe:2.3:a:vmware:tc_server:6.0.20.c:::::::*
	cpe:2.3:a:vmware:tc_server:6.0.25.a:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/39778
http://www.securityfocus.com/archive/1/511307/100/0/threaded
http://www.securityfocus.com/bid/40205
http://www.springsource.com/security/cve-2010-1454
https://exchange.xforce.ibmcloud.com/vulnerabilities/58684

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2010-05-19T18:13:00

Updated: 2024-08-07T01:21:19.185Z

Reserved: 2010-04-15T00:00:00

Link: CVE-2010-1454

Vulnrichment

No data.

NVD

Status : Modified

Published: 2010-05-19T18:30:03.553

Modified: 2024-11-21T01:14:27.697

Link: CVE-2010-1454

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-05-13T00:00:00", "descriptions": [{"lang": "en", "value": "com.springsource.tcserver.serviceability.rmi.JmxSocketListener in VMware SpringSource tc Server Runtime 6.0.19 and 6.0.20 before 6.0.20.D, and 6.0.25.A before 6.0.25.A-SR01, does not properly enforce the requirement for an encrypted (aka s2enc) password, which allows remote attackers to obtain JMX interface access via a blank password."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-10T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "tcserver-listener-security-bypass(58684)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58684"}, {"name": "39778", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/39778"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.springsource.com/security/cve-2010-1454"}, {"name": "20100517 CVE-2010-1454: SpringSource tc Server unauthenticated remote access to JMX interface", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/511307/100/0/threaded"}, {"name": "40205", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/40205"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2010-1454", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "com.springsource.tcserver.serviceability.rmi.JmxSocketListener in VMware SpringSource tc Server Runtime 6.0.19 and 6.0.20 before 6.0.20.D, and 6.0.25.A before 6.0.25.A-SR01, does not properly enforce the requirement for an encrypted (aka s2enc) password, which allows remote attackers to obtain JMX interface access via a blank password."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "tcserver-listener-security-bypass(58684)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58684"}, {"name": "39778", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/39778"}, {"name": "http://www.springsource.com/security/cve-2010-1454", "refsource": "CONFIRM", "url": "http://www.springsource.com/security/cve-2010-1454"}, {"name": "20100517 CVE-2010-1454: SpringSource tc Server unauthenticated remote access to JMX interface", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/511307/100/0/threaded"}, {"name": "40205", "refsource": "BID", "url": "http://www.securityfocus.com/bid/40205"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T01:21:19.185Z"}, "title": "CVE Program Container", "references": [{"name": "tcserver-listener-security-bypass(58684)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58684"}, {"name": "39778", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/39778"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.springsource.com/security/cve-2010-1454"}, {"name": "20100517 CVE-2010-1454: SpringSource tc Server unauthenticated remote access to JMX interface", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/511307/100/0/threaded"}, {"name": "40205", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/40205"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-1454", "datePublished": "2010-05-19T18:13:00", "dateReserved": "2010-04-15T00:00:00", "dateUpdated": "2024-08-07T01:21:19.185Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:tc_server:6.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "49E53950-C2E3-470D-9DF7-8151CC0FCE50", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:tc_server:6.0.19.a:*:*:*:*:*:*:*", "matchCriteriaId": "C127F47B-658A-4A0E-85DE-6E828D04C0CA", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:tc_server:6.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "0AE88E31-F854-4498-8CCD-88285DDD819E", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:tc_server:6.0.20.a:*:*:*:*:*:*:*", "matchCriteriaId": "9C1D8357-4CA8-416A-A983-BFBB03A701DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:tc_server:6.0.20.b:*:*:*:*:*:*:*", "matchCriteriaId": "779E0DFF-064A-4596-BE17-B9C5452CE64C", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:tc_server:6.0.20.c:*:*:*:*:*:*:*", "matchCriteriaId": "4EF40DFF-3C63-41A6-ADD3-16465C785808", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:tc_server:6.0.25.a:*:*:*:*:*:*:*", "matchCriteriaId": "E0232016-28BA-4161-8B44-A07AA8E6DD0B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "com.springsource.tcserver.serviceability.rmi.JmxSocketListener in VMware SpringSource tc Server Runtime 6.0.19 and 6.0.20 before 6.0.20.D, and 6.0.25.A before 6.0.25.A-SR01, does not properly enforce the requirement for an encrypted (aka s2enc) password, which allows remote attackers to obtain JMX interface access via a blank password."}, {"lang": "es", "value": "Vulnerabilidad en el componente com.springsource.tcserver.serviceability.rmi.JmxSocketListener de VMware SpringSource tc Server Runtime v6.0.19, v6.0.20 anteriores a v6.0.20.D y v6.0.25.A anteriores a v6.0.25.A-SR01, no hace cumplir correctamente el requisito de contrase\u00f1a cifrada (tambi\u00e9n conocido como s2enc), que permite a atacantes remotos obtener acceso al interfaz JMX a trav\u00e9s de una contrase\u00f1a vac\u00eda."}], "id": "CVE-2010-1454", "lastModified": "2024-11-21T01:14:27.697", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-05-19T18:30:03.553", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/39778"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/511307/100/0/threaded"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/40205"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.springsource.com/security/cve-2010-1454"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58684"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/39778"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/511307/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/40205"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.springsource.com/security/cve-2010-1454"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58684"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}