RSS   Vulnerabilities for 'Engage'   RSS

2019-04-23
 
CVE-2019-7727

CWE-264
 

 
In NICE Engage through 6.5, the default configuration binds an unauthenticated JMX/RMI interface to all network interfaces, without restricting registration of MBeans, which allows remote attackers to execute arbitrary code via the RMI protocol by using the JMX connector. The observed affected TCP port is 6338 but, based on the product's configuration, a different one could be vulnerable.

 

 >>> Vendor: NICE 2 Products
Recording express
Engage


Copyright 2024, cxsecurity.com

 

Back to Top