CVE-2015-2342
First published: Mon Oct 12 2015(Updated: )
The JMX RMI service in VMware vCenter Server 5.0 before u3e, 5.1 before u3b, 5.5 before u3, and 6.0 before u1 does not restrict registration of MBeans, which allows remote attackers to execute arbitrary code via the RMI protocol.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| VMware vCenter Server | =5.0 | |
| VMware vCenter Server | =5.1 | |
| VMware vCenter Server | =5.5 | |
| VMware vCenter Server | =6.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://seclists.org/fulldisclosure/2015/Oct/1
- http://www.securityfocus.com/bid/76930
- http://www.securitytracker.com/id/1033720
- http://www.vmware.com/security/advisories/VMSA-2015-0007.html
- http://www.zerodayinitiative.com/advisories/ZDI-15-455
- https://www.7elements.co.uk/resources/technical-advisories/cve-2015-2342-vmware-vcenter-remote-code-execution/
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/description
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/remedy
- agent/tags
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- vendor/vmware
- canonical/vmware vcenter server
- version/vmware vcenter server/5.0
- version/vmware vcenter server/5.1
- version/vmware vcenter server/5.5
- version/vmware vcenter server/6.0