CVSS: 7.3EPSS: 0%CPEs: 5EXPL: 0CVE-2019-11288 – tcServer JMX Socket Listener Registry Rebinding Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2019-11288
27 Jan 2020 — In Pivotal tc Server, 3.x versions prior to 3.2.19 and 4.x versions prior to 4.0.10, and Pivotal tc Runtimes, 7.x versions prior to 7.0.99.B, 8.x versions prior to 8.5.47.A, and 9.x versions prior to 9.0.27.A, when a tc Runtime instance is configured with the JMX Socket Listener, a local attacker without access to the tc Runtime process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The... • https://pivotal.io/security/cve-2019-11288 • CWE-269: Improper Privilege Management •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 2CVE-2009-2907 – SpringSource (Multiple Products) - Multiple HTML Injection Vulnerabilities
https://notcve.org/view.php?id=CVE-2009-2907
24 Mar 2010 — Multiple cross-site scripting (XSS) vulnerabilities in SpringSource tc Server 6.0.20.B and earlier, Application Management Suite (AMS) before 2.0.0.SR4, Hyperic HQ Open Source before 4.2.x, Hyperic HQ 4.0 Enterprise before 4.0.3.2, and Hyperic HQ 4.1 Enterprise before 4.1.2.1 allow remote attackers to inject arbitrary web script or HTML via the description field and unspecified "input fields." Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados en SpringSource tc Server v6.0... • https://www.exploit-db.com/exploits/33794 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •