CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Jumpmind: >> Symmetricds >> 3.11.10 Security Vulnerabilities

CVE-2020-24231

Symmetric DS <3.12.0 uses mx4j to provide access to JMX over HTTP. mx4j, by default, has no auth and is available on all interfaces. An attacker can interact with JMX: get system info, and invoke MBean methods. It is possible to install additional MBeans from a remote host using MLet that leads to arbitrary code execution.

CVSS Score

9.8

EPSS Score

0.01

Published

2020-10-05

Page 1

Vulnerabilities

Vulnerable Software

Jumpmind: >> Symmetricds >> 3.11.10 Security Vulnerabilities

Products

Pricing

Contact Us