RSS   Vulnerabilities for 'Aternity'   RSS

2016-09-29
 
CVE-2016-5062

 

 
The web server in Aternity 9 and earlier does not require authentication for getMBeansFromURL loading of Java MBeans, which allows remote attackers to execute arbitrary Java code by registering MBeans.

 
 
CVE-2016-5061

 

 
Multiple cross-site scripting (XSS) vulnerabilities in the web server in Aternity 9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) HTTPAgent, (2) MacAgent, (3) getExternalURL, or (4) retrieveTrustedUrl page.

 


Copyright 2017, cxsecurity.com