[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FD] CVE-2019-7727 - JMX/RMI Nice ENGAGE <= 6.5 Remote Command Execution

To: fulldisclosure@xxxxxxxxxxxx
Subject: [FD] CVE-2019-7727 - JMX/RMI Nice ENGAGE <= 6.5 Remote Command Execution
From: Red Timmy Sec - <redazione@xxxxxxxxxxx>
Date: Mon, 1 Apr 2019 11:42:03 +0200 (CEST)

Description
===========
NICE Engage is an interaction recording platform. The default configuration in 
versions <= 6.5 (and possible higher) binds an unauthenticated JMX/RMI 
interface to all network interfaces, without restricting registration of 
MBeans, which allows remote attackers to execute arbitrary code via the RMI 
protocol by using the JMX connector. The observed affected TCP port is 6338 but 
based on product's configuration a different one could be vulnerable.
 
More details visiting: 
https://redtimmysec.wordpress.com/2019/03/26/jmx-rmi-multiple-applications-rce/

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Prev by Date: [FD] c0c0n XII | The cy0ps c0n - Call For Papers & Call For Workshops
Next by Date: [FD] DSA-2019-031: Dell EMC IsilonSD Management Server Cross-Site Scripting (XSS) Vulnerabilities
Previous by thread: [FD] c0c0n XII | The cy0ps c0n - Call For Papers & Call For Workshops
Next by thread: [FD] DSA-2019-031: Dell EMC IsilonSD Management Server Cross-Site Scripting (XSS) Vulnerabilities
Index(es):
- Date
- Thread