Skip to main content

Cleartext Transmission of Sensitive Information

CVE-2018-1297

Severity High
Score 9.8/10

Summary

(RMI basedWhen using Distributed Test only ), Apache JMeter 2.x and 3.x uses an unsecured RMI connection. This could allow an attacker to get Access to JMeterEngine and send unauthorized code.

  • LOW
  • NETWORK
  • HIGH
  • UNCHANGED
  • NONE
  • NONE
  • HIGH
  • HIGH

CWE-319 - Cleartext Transmission of Sensitive Information

The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

Advisory Timeline

  • Published