EMC Smarts Network Configuration Manager Java RMI Access Control Flaw Lets Remote Users Gain Full Control
Version(s): prior to 9.2
Two vulnerabilities were reported in EMC Smarts Network Configuration Manager.
A remote user can access some Java Remote Method Invocation methods without authenticating to gain control of the target system.
A user can exploit unspecified flaws in the NCM System Management (SysAdmin) Console with unspecified impact.
A remote user can gain control of the target system.
The impact of the console vulnerability was not specified.
The vendor has issued a fix (9.2) for the Java vulnerability.
No solution was available for the NCM System Management (SysAdmin) Console vulnerability at the time of this entry. The vendor recommends disabling the console.