// For flags

CVE-2010-1454

 

Severity Score

6.8
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

com.springsource.tcserver.serviceability.rmi.JmxSocketListener in VMware SpringSource tc Server Runtime 6.0.19 and 6.0.20 before 6.0.20.D, and 6.0.25.A before 6.0.25.A-SR01, does not properly enforce the requirement for an encrypted (aka s2enc) password, which allows remote attackers to obtain JMX interface access via a blank password.

Vulnerabilidad en el componente com.springsource.tcserver.serviceability.rmi.JmxSocketListener de VMware SpringSource tc Server Runtime v6.0.19, v6.0.20 anteriores a v6.0.20.D y v6.0.25.A anteriores a v6.0.25.A-SR01, no hace cumplir correctamente el requisito de contraseña cifrada (también conocido como s2enc), que permite a atacantes remotos obtener acceso al interfaz JMX a través de una contraseña vacía.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2010-04-15 CVE Reserved
  • 2010-05-19 CVE Published
  • 2023-03-07 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-287: Improper Authentication
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Vmware
Search vendor "Vmware"
Tc Server
Search vendor "Vmware" for product "Tc Server"
6.0.19
Search vendor "Vmware" for product "Tc Server" and version "6.0.19"
-
Affected
Vmware
Search vendor "Vmware"
Tc Server
Search vendor "Vmware" for product "Tc Server"
6.0.19.a
Search vendor "Vmware" for product "Tc Server" and version "6.0.19.a"
-
Affected
Vmware
Search vendor "Vmware"
Tc Server
Search vendor "Vmware" for product "Tc Server"
6.0.20
Search vendor "Vmware" for product "Tc Server" and version "6.0.20"
-
Affected
Vmware
Search vendor "Vmware"
Tc Server
Search vendor "Vmware" for product "Tc Server"
6.0.20.a
Search vendor "Vmware" for product "Tc Server" and version "6.0.20.a"
-
Affected
Vmware
Search vendor "Vmware"
Tc Server
Search vendor "Vmware" for product "Tc Server"
6.0.20.b
Search vendor "Vmware" for product "Tc Server" and version "6.0.20.b"
-
Affected
Vmware
Search vendor "Vmware"
Tc Server
Search vendor "Vmware" for product "Tc Server"
6.0.20.c
Search vendor "Vmware" for product "Tc Server" and version "6.0.20.c"
-
Affected
Vmware
Search vendor "Vmware"
Tc Server
Search vendor "Vmware" for product "Tc Server"
6.0.25.a
Search vendor "Vmware" for product "Tc Server" and version "6.0.25.a"
-
Affected