Remote Access Vulnerability in VMware SpringSource tc Server
CVE-2010-1454

Currently unrated

Key Information:

Vendor: Vmware
Status: Tc Server
Vendor: CVE Published:; 19 May 2010

Summary

The VMware SpringSource tc Server contains a vulnerability in the com.springsource.tcserver.serviceability.rmi.JmxSocketListener component, which fails to enforce proper encryption for passwords. This weakness permits unauthorized remote attackers to access the JMX interface simply by supplying a blank password. Without adequate security controls, this vulnerability could lead to unauthorized confirmation and potentially malicious interactions with the server components.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/58684

vdb-entryx_refsource_XF

http://secunia.com/advisories/39778

third-party-advisoryx_refsource_SECUNIA

http://www.springsource.com/security/cve-2010-1454

x_refsource_CONFIRM

Timeline

Vulnerability published
May 19, 2010
Vulnerability Reserved
Apr 15, 2010