Vulnerabilities > Vmware > Tanzu Gemfire FOR Virtual Machines

DATE CVE VULNERABILITY TITLE RISK
2020-07-31 CVE-2020-5396 Missing Authorization vulnerability in VMWare Gemfire and Tanzu Gemfire FOR Virtual Machines
VMware GemFire versions prior to 9.10.0, 9.9.2, 9.8.7, and 9.7.6, and VMware Tanzu GemFire for VMs versions prior to 1.11.1 and 1.10.2, when deployed without a SecurityManager, contain a JMX service available which contains an insecure default configuration.
network
low complexity
vmware CWE-862
6.5
6.5
2020-07-31 CVE-2019-11286 Deserialization of Untrusted Data vulnerability in VMWare Gemfire and Tanzu Gemfire FOR Virtual Machines
VMware GemFire versions prior to 9.10.0, 9.9.1, 9.8.5, and 9.7.5, and VMware Tanzu GemFire for VMs versions prior to 1.11.0, 1.10.1, 1.9.2, and 1.8.2, contain a JMX service available to the network which does not properly restrict input.
network
low complexity
vmware CWE-502
6.5
6.5