Unrated severityNVD Advisory· Published Oct 12, 2015· Updated May 6, 2026

CVE-2015-2342

Description

The JMX RMI service in VMware vCenter Server 5.0 before u3e, 5.1 before u3b, 5.5 before u3, and 6.0 before u1 does not restrict registration of MBeans, which allows remote attackers to execute arbitrary code via the RMI protocol.

Affected products

VMware/Vcenter Server4 versions
cpe:2.3:a:vmware:vcenter_server:5.0:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:vmware:vcenter_server:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:5.5:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:6.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.vmware.com/security/advisories/VMSA-2015-0007.htmlnvdPatchVendor Advisory
seclists.org/fulldisclosure/2015/Oct/1nvd
www.securityfocus.com/bid/76930nvd
www.securitytracker.com/id/1033720nvd
www.zerodayinitiative.com/advisories/ZDI-15-455nvd
www.7elements.co.uk/resources/technical-advisories/cve-2015-2342-vmware-vcenter-remote-code-execution/nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.074
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000