Vulnerabilities > CVE-2020-5396 - Missing Authorization vulnerability in VMWare Gemfire and Tanzu Gemfire FOR Virtual Machines
Attack vector
NETWORK Attack complexity
LOW Privileges required
SINGLE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
VMware GemFire versions prior to 9.10.0, 9.9.2, 9.8.7, and 9.7.6, and VMware Tanzu GemFire for VMs versions prior to 1.11.1 and 1.10.2, when deployed without a SecurityManager, contain a JMX service available which contains an insecure default configuration. This allows a malicious user to create an MLet mbean leading to remote code execution.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 5 |