CVE-2024-28211

nGrinder before 3.5.9 allows connection to malicious JMX/RMI server by default, which could be the cause of executing arbitrary code via RMI registry by remote attacker.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
naverCNA
---
---
CVEADP
---
---
CISA-ADPADP
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 86%
VendorProductVersion
naverngrinder
𝑥
< 3.5.9
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://cve.naver.com/detail/cve-2024-28211.html
https://cve.naver.com/detail/cve-2024-28211.html