[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: [FD] CVE-2019-7727 - JMX/RMI Nice ENGAGE <= 6.5 Remote Command Execution
From: Red Timmy Sec - <redazione () segfault ! it>
Date: 2019-04-01 9:42:03
Message-ID: 630380759.180464.1554111723842 () pim ! register ! it
[Download RAW message or body]
Description
===========
NICE Engage is an interaction recording platform. The default configuration in versions <= 6.5 \
(and possible higher) binds an unauthenticated JMX/RMI interface to all network interfaces, \
without restricting registration of MBeans, which allows remote attackers to execute arbitrary \
code via the RMI protocol by using the JMX connector. The observed affected TCP port is 6338 \
but based on product's configuration a different one could be vulnerable.
More details visiting: \
https://redtimmysec.wordpress.com/2019/03/26/jmx-rmi-multiple-applications-rce/
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic