CVE-2009-4843
ToutVirtual VirtualIQ Pro - Unauthenticated Remote Command Execution via JBoss Console
Title source: llmDescription
ToutVirtual VirtualIQ Pro before 3.5 build 8691 does not require administrative authentication for JBoss console access, which allows remote attackers to execute arbitrary commands via requests to (1) the JMX Management Console or (2) the Web Console.
References (3)
Core 3
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/37297
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/507729/100/0/threaded
Exploit x_refsource_misc
http://www.securenetwork.it/ricerca/advisory/download/SN-2009-02.txt
Scores
EPSS
0.0211
EPSS Percentile
79.5%
Details
CWE
CWE-287
Status
published
Products (1)
toutvirtual/virtualiq
3.5
Published
May 07, 2010
Tracked Since
Feb 18, 2026