CVE-2018-10611
First published: Thu May 31 2018(Updated: )
Java remote method invocation (RMI) input port in GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior may be exploited to allow unauthenticated users to launch applications and support remote code execution through web services.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GE MDS PulseNET | <=3.2.1 | |
| GE MDS PulseNET | <=3.2.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-10611?
CVE-2018-10611 is considered high severity due to the potential for remote code execution by unauthenticated users.
How can I fix CVE-2018-10611?
To fix CVE-2018-10611, upgrade GE MDS PulseNET and MDS PulseNET Enterprise to version 3.2.2 or later.
What types of systems are affected by CVE-2018-10611?
CVE-2018-10611 affects GE MDS PulseNET and MDS PulseNET Enterprise versions up to and including 3.2.1.
What are the risks associated with CVE-2018-10611?
The primary risk of CVE-2018-10611 is that it allows attackers to execute arbitrary code potentially compromising the entire system.
Is CVE-2018-10611 an isolated vulnerability?
CVE-2018-10611 is not isolated and is part of a broader category of vulnerabilities related to insecure remote method invocation in Java.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/references
- agent/severity
- agent/author
- agent/tags
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- vendor/ge
- canonical/ge mds pulsenet
- version/ge mds pulsenet/3.2.1