Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Symmetric DS <3.12.0 uses mx4j to provide access to JMX over HTTP. mx4j, by default, has no auth and is available on all interfaces. An attacker can interact with JMX: get system info, and invoke MBean methods. It is possible to install additional MBeans from a remote host using MLet that leads to arbitrary code execution.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
JumpMind Symmetric DS 安全漏洞
Vulnerability Description
symmetric ds是JumpMind的一款开源的数据库备份软件。该软件仅需要简单的配置即可支持跨平台复制数据、异步复制数千个数据库。 Symmetric DS 3.12.0之前版本存在安全漏洞,该漏洞源于mx4j没有身份验证,在所有接口上都可用。攻击者可利用该漏洞可以与JMX交互:获取系统信息,并调用MBean方法。可以使用MLet从远程主机安装额外的mbean,这会导致任意的代码执行。
CVSS Information
N/A
Vulnerability Type
N/A