Vulnerability Description
In NICE Engage through 6.5, the default configuration binds an unauthenticated JMX/RMI interface to all network interfaces, without restricting registration of MBeans, which allows remote attackers to execute arbitrary code via the RMI protocol by using the JMX connector. The observed affected TCP port is 6338 but, based on the product's configuration, a different one could be vulnerable.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nice | Engage | <= 6.5 |
Related Weaknesses (CWE)
References
- http://seclists.org/fulldisclosure/2019/Apr/4 (Mailing List, Third Party Advisory)
- https://redtimmysec.wordpress.com/2019/03/26/jmx-rmi-multiple-applications-rce/ (Mitigation, Third Party Advisory)
- https://seclists.org/bugtraq/2019/Apr/2 (Mailing List, Third Party Advisory)
FAQ
What is CVE-2019-7727?
CVE-2019-7727 is a vulnerability with a CVSS score of 9.8 (CRITICAL). In NICE Engage through 6.5, the default configuration binds an unauthenticated JMX/RMI interface to all network interfaces, without restricting registration of MBeans, which allows remote attackers to...
How severe is CVE-2019-7727?
CVE-2019-7727 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-7727?
Check the references section above for vendor advisories and patch information. Affected products include: Nice Engage.