Incorrect Resource Transfer Between Spheres

CVE-2016-5062

High

9.8/10

Summary

The web server in Aternity before 9.0.1 does not require authentication for getMBeansFromURL loading of Java MBeans, which allows remote attackers to execute arbitrary Java code by registering MBeans.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-669 - Incorrect Resource Transfer Between Spheres

The product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere, in a manner that provides unintended control over that resource.

References

Advisory Timeline

Published Sep 29, 2016

Incorrect Resource Transfer Between Spheres

CVE-2016-5062

Summary

CWE-669 - Incorrect Resource Transfer Between Spheres

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS