IBM ServeRAID Manager exposes unauthenticated Java Remote Method Invocation (RMI) service

guest · Feb 12, 2020

IBM ServeRAID Manager exposes unauthenticated Java Remote Method Invocation (RMI)
Vulnerability Note VU#597809
February 12, 2020
https://kb.cert.org/vuls/id/597809/

Overview
IBM ServeRAID Manager version 9.30-17006 and prior exposes a Java RMI that allows a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Description
IBM ServeRAID Manager includes an embedded instance of Java version 1.4.2. Both ServeRAID Manager and Java 1.4.2 are no longer supported. ServeRAID Manager uses a Java remote method invocation (RMI) interface on a TCP port that listens on all interfaces by default. [...]
Impact
An unauthenticated remote attacker can execute arbitrary code on a vulnerable system.
Solution
IBM ServeRAID Manager is no longer supported and we do not expect IBM to release fixes
Click to expand...

Log in or Sign up

IBM ServeRAID Manager exposes unauthenticated Java Remote Method Invocation (RMI) service

guest Guest

Log in or Sign up

IBM ServeRAID Manager exposes unauthenticated Java Remote Method Invocation (RMI) service

guest Guest

Useful Searches