Vulnerability Description
ToutVirtual VirtualIQ Pro before 3.5 build 8691 does not require administrative authentication for JBoss console access, which allows remote attackers to execute arbitrary commands via requests to (1) the JMX Management Console or (2) the Web Console.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Toutvirtual | Virtualiq | 3.5 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/37297Vendor Advisory
- http://www.securenetwork.it/ricerca/advisory/download/SN-2009-02.txtExploit
- http://www.securityfocus.com/archive/1/507729/100/0/threaded
- http://secunia.com/advisories/37297Vendor Advisory
- http://www.securenetwork.it/ricerca/advisory/download/SN-2009-02.txtExploit
- http://www.securityfocus.com/archive/1/507729/100/0/threaded
FAQ
What is CVE-2009-4843?
CVE-2009-4843 is a vulnerability with a CVSS score of 7.5 (HIGH). ToutVirtual VirtualIQ Pro before 3.5 build 8691 does not require administrative authentication for JBoss console access, which allows remote attackers to execute arbitrary commands via requests to (1)...
How severe is CVE-2009-4843?
CVE-2009-4843 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-4843?
Check the references section above for vendor advisories and patch information. Affected products include: Toutvirtual Virtualiq.