Security Advisory

CVE-2020-24231

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-10-05 15:38:21

Last updated 2024-08-04 15:12:07

Assigner mitre

State PUBLISHED

Description

Symmetric DS <3.12.0 uses mx4j to provide access to JMX over HTTP. mx4j, by default, has no auth and is available on all interfaces. An attacker can interact with JMX: get system info, and invoke MBean methods. It is possible to install additional MBeans from a remote host using MLet that leads to arbitrary code execution.

← Browse all CVEs View on cve.org ↗