{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-12-16T00:00:00", "descriptions": [{"lang": "en", "value": "The agent in Thermostat before 1.0.6, when using unspecified configurations, allows local users to obtain the JMX management URLs of all local Java virtual machines and gain privileges via unknown vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-12-18T13:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "[Thermostat-announce] 20141216 [SECURITY UPDATE] Thermostat 1.0.6 update released!", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://icedtea.classpath.org/pipermail/thermostat-announce/2014-December/000013.html"}, {"name": "RHSA-2014:2000", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2014-2000.html"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T13:10:50.645Z"}, "title": "CVE Program Container", "references": [{"name": "[Thermostat-announce] 20141216 [SECURITY UPDATE] Thermostat 1.0.6 update released!", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://icedtea.classpath.org/pipermail/thermostat-announce/2014-December/000013.html"}, {"name": "RHSA-2014:2000", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2014-2000.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-8120", "datePublished": "2014-12-18T15:00:00", "dateReserved": "2014-10-10T00:00:00", "dateUpdated": "2024-08-06T13:10:50.645Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:thermostat_project:thermostat:*:*:*:*:*:*:*:*", "matchCriteriaId": "227EEABF-AABD-4DD8-BF3C-BAE154EC806B", "versionEndIncluding": "1.0.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The agent in Thermostat before 1.0.6, when using unspecified configurations, allows local users to obtain the JMX management URLs of all local Java virtual machines and gain privileges via unknown vectors."}, {"lang": "es", "value": "El agente en Thermostat anterior a 1.0.6, cuando se utilizan configuraciones sin especificar, permite a usuarios locales obtener las URLs de gesti\u00f3n JMX de todas las m\u00e1quinas virtuales Java locales y conseguir privilegios a trav\u00e9s de vectores desconocidos."}], "id": "CVE-2014-8120", "lastModified": "2024-11-21T02:18:35.920", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-12-18T15:59:02.587", "references": [{"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://icedtea.classpath.org/pipermail/thermostat-announce/2014-December/000013.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2014-2000.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://icedtea.classpath.org/pipermail/thermostat-announce/2014-December/000013.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2014-2000.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "This issue was discovered by Elliott Baron (Red Hat).", "affected_release": [{"advisory": "RHSA-2014:2000", "cpe": "cpe:/a:redhat:rhel_software_collections:1::el6", "package": "thermostat1-thermostat-0:1.0.4-60.6.el6", "product_name": "Red Hat Software Collections 1 for Red Hat Enterprise Linux 6", "release_date": "2014-12-16T00:00:00Z"}, {"advisory": "RHSA-2014:2000", "cpe": "cpe:/a:redhat:rhel_software_collections:1::el6", "package": "thermostat1-thermostat-0:1.0.4-60.6.el6", "product_name": "Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS", "release_date": "2014-12-16T00:00:00Z"}, {"advisory": "RHSA-2014:2000", "cpe": "cpe:/a:redhat:rhel_software_collections:1::el6", "package": "thermostat1-thermostat-0:1.0.4-60.6.el6", "product_name": "Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.5 EUS", "release_date": "2014-12-16T00:00:00Z"}, {"advisory": "RHSA-2014:2000", "cpe": "cpe:/a:redhat:rhel_software_collections:1::el6", "package": "thermostat1-thermostat-0:1.0.4-60.6.el6", "product_name": "Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.6 EUS", "release_date": "2014-12-16T00:00:00Z"}, {"advisory": "RHSA-2014:2000", "cpe": "cpe:/a:redhat:rhel_software_collections:1::el7", "package": "thermostat1-thermostat-0:1.0.4-70.6.el7", "product_name": "Red Hat Software Collections 1 for Red Hat Enterprise Linux 7", "release_date": "2014-12-16T00:00:00Z"}], "bugzilla": {"description": "thermostat: local JMX URL disclosure", "id": "1168977", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1168977"}, "csaw": false, "cvss": {"cvss_base_score": "6.6", "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:C/I:C/A:N", "status": "verified"}, "cwe": "CWE-200", "details": ["The agent in Thermostat before 1.0.6, when using unspecified configurations, allows local users to obtain the JMX management URLs of all local Java virtual machines and gain privileges via unknown vectors.", "It was discovered that, in certain configurations, the Thermostat agent disclosed JMX management URLs of all local Java virtual machines to any local user. A local, unprivileged user could use this flaw to escalate their privileges on the system."], "name": "CVE-2014-8120", "public_date": "2014-12-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-8120\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8120\nhttp://icedtea.classpath.org/pipermail/thermostat-announce/2014-December/000013.html"], "threat_severity": "Important"}