Unrated severityNVD Advisory· Published Oct 5, 2020· Updated Aug 4, 2024

CVE-2020-24231

Description

Symmetric DS <3.12.0 uses mx4j to provide access to JMX over HTTP. mx4j, by default, has no auth and is available on all interfaces. An attacker can interact with JMX: get system info, and invoke MBean methods. It is possible to install additional MBeans from a remote host using MLet that leads to arbitrary code execution.

Affected products

Symmetric DS/Symmetric DSdescription
Symmetric DS/Symmetric DSllm-create
Range: <3.12.0

Patches

Vulnerability mechanics

References

www.symmetricds.org/issues/view.phpmitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000