Vulnerability Details : CVE-2016-5062
The web server in Aternity before 9.0.1 does not require authentication for getMBeansFromURL loading of Java MBeans, which allows remote attackers to execute arbitrary Java code by registering MBeans.
Products affected by CVE-2016-5062
- cpe:2.3:a:aternity:aternity:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-5062
0.54%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 74 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-5062
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST | |
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2016-5062
-
The product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere, in a manner that provides unintended control over that resource.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-5062
-
http://www.securityfocus.com/bid/93208
Aternity CVE-2016-5062 Remote Code Execution Vulnerability
-
http://www.kb.cert.org/vuls/id/706359
VU#706359 - Aternity version 9 vulnerable to cross-site scripting and remote code executionThird Party Advisory;US Government Resource
Jump to