Descrição
In NICE Engage through 6.5, the default configuration binds an unauthenticated JMX/RMI interface to all network interfaces, without restricting registration of MBeans, which allows remote attackers to execute arbitrary code via the RMI protocol by using the JMX connector. The observed affected TCP port is 6338 but, based on the product’s configuration, a different one could be vulnerable.
Software
Não informado
Tipo Software
Core
CVE
CVE-2019-7727
Tags
Nâo informado
Data de publicação
23/04/2019
Última atualização
24/02/2022
Pontuação em CVSS 3.0
9.8
Crítico