Vmware Gemfire
Approved changes feed: RSS · Atom
cpe:2.3:a:vmware_tanzu:vmware_gemfire:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Vmware Tanzu (da821fa9-004a-54a3-94e4-fdafe5ab01aa) |
|---|---|
| Product | Vmware Gemfire (7ed4c6d6-7582-5edf-b204-4adfa176ce78) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2020-5396 |
vulnerable | 2026-06-08 05:26:42.699711 |
JMX Insecure Default Configuration in GemFire
VMware GemFire versions prior to 9.10.0, 9.9.2, 9.8.7, and 9.7.6, and VMware Tanzu GemFire for VMs versions prior to 1.11.1 and 1.10.2, when deployed without a SecurityManager, contain a JMX service available which contains an insecure default configuration. This allows a malicious user to create an MLet mbean leading to remote code execution.
Published: 2020-07-31T19:40:19.558Z
Updated: 2024-09-16T16:23:21.490Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-11286 |
vulnerable | 2026-06-08 05:12:36.811367 |
JMX Credential Deserialization in GemFire
CRITICAL (9)
VMware GemFire versions prior to 9.10.0, 9.9.1, 9.8.5, and 9.7.5, and VMware Tanzu GemFire for VMs versions prior to 1.11.0, 1.10.1, 1.9.2, and 1.8.2, contain a JMX service available to the network which does not properly restrict input. A remote authenticated malicious user may request against the service with a crafted set of credentials leading to remote code execution.
Published: 2020-07-31T19:40:19.094Z
Updated: 2024-09-16T23:46:18.238Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.