CVE-2010-1454
VMware SpringSource tc Server Runtime <6.0.20.D-6.0.25.A-SR01 - RCE
Title source: llmDescription
com.springsource.tcserver.serviceability.rmi.JmxSocketListener in VMware SpringSource tc Server Runtime 6.0.19 and 6.0.20 before 6.0.20.D, and 6.0.25.A before 6.0.25.A-SR01, does not properly enforce the requirement for an encrypted (aka s2enc) password, which allows remote attackers to obtain JMX interface access via a blank password.
References (5)
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_xf): https://exchange.xforce.ibmcloud.com/vulnerabilities/58684
Vendor Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/39778
Vendor Advisory (x_refsource_confirm): http://www.springsource.com/security/cve-2010-1454
Third Party Advisory, VDB Entry (mailing-list, x_refsource_bugtraq): http://www.securityfocus.com/archive/1/511307/100/0/threaded
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/40205
Scores
EPSS: 0.0055
EPSS Percentile: 68.1%
Details
CWE: CWE-287
Status: published
Products (7)
vmware/tc_server 6.0.19
vmware/tc_server 6.0.19.a
vmware/tc_server 6.0.20
vmware/tc_server 6.0.20.a
vmware/tc_server 6.0.20.b
vmware/tc_server 6.0.20.c
vmware/tc_server 6.0.25.a
Published: May 19, 2010
Tracked Since: Feb 18, 2026