Description
Java Management Extensions (JMX) is a Java technology that supplies tools for managing and monitoring applications, system objects, devices (e.g. printers) and service-oriented networks. Those resources are represented by objects called MBeans (for Managed Bean). In the API, classes can be dynamically loaded and instantiated. RMI (Remote Method Invocation) is a Java-specific implementation of a Remote Procedure Call interface.
Remediation
In a production system, it is not recommended to have the JMX/RMI service publicly available. Access to this service should be restricted.
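One way to check a host against this remediation, as an added example (not part of the original advisory): a shell function that audits a JVM command line for the standard com.sun.management.jmxremote.* properties and reports settings that leave the JMX/RMI service exposed. The function name, port, paths and sample command lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a JVM command line for exposed JMX/RMI settings.
# Prints one finding per line; prints nothing when no issue is found.
# Assumption: arguments contain no quoted spaces (simple word splitting).
audit_jmx_args() {
    port="" host="" auth="true" ssl="true"   # JVM defaults: auth and TLS on
    for a in $1; do
        case "$a" in
            -Dcom.sun.management.jmxremote.port=*)         port=${a#*=} ;;
            -Dcom.sun.management.jmxremote.host=*)         host=${a#*=} ;;
            -Dcom.sun.management.jmxremote.authenticate=*) auth=${a#*=} ;;
            -Dcom.sun.management.jmxremote.ssl=*)          ssl=${a#*=} ;;
        esac
    done
    # No remote port configured: the remote JMX connector is not started.
    [ -z "$port" ] && return 0
    case "$host" in
        127.0.0.1|localhost|::1) ;;   # loopback only: not reachable remotely
        "") echo "BIND: port $port listens on all interfaces (no jmxremote.host)" ;;
        *)  echo "BIND: port $port bound to $host; confirm it is a management-only interface" ;;
    esac
    [ "$auth" = "false" ] && echo "AUTH: jmxremote.authenticate=false allows unauthenticated access"
    [ "$ssl" = "false" ] && echo "TLS: jmxremote.ssl=false sends JMX traffic in cleartext"
    return 0
}

# Constructed sample command lines (not taken from any real system).
WEAK='java -Dcom.sun.management.jmxremote.port=9010 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -jar app.jar'
HARDENED='java -Dcom.sun.management.jmxremote.port=9010 -Dcom.sun.management.jmxremote.host=127.0.0.1 -Dcom.sun.management.jmxremote.password.file=/etc/app/jmxremote.password -jar app.jar'

echo "weak configuration:";     audit_jmx_args "$WEAK"
echo "hardened configuration:"; audit_jmx_args "$HARDENED"
```

On a live host, the command line of a running JVM can be passed in the same way, for example from the output of ps.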