Vulnerability Details CVE-2020-24231
Symmetric DS versions before 3.12.0 use mx4j to provide access to JMX over HTTP. By default, mx4j has no authentication and is available on all interfaces. An attacker can interact with JMX to get system information and invoke MBean methods. It is also possible to install additional MBeans from a remote host using MLet, which leads to arbitrary code execution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 76.3%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
Products affected by CVE-2020-24231
- cpe:2.3:a:jumpmind:symmetricds:3.10.13
- cpe:2.3:a:jumpmind:symmetricds:3.11.10
- cpe:2.3:a:jumpmind:symmetricds:3.11.11
- cpe:2.3:a:jumpmind:symmetricds:3.11.12
- cpe:2.3:a:jumpmind:symmetricds:3.11.13