Support Content Notification - Support Portal

BSA-2020-1044

Product/Component

Brocade Fabric OS

2 more products

Notification Id

21576

Last Updated

06 July 2020

Initial Publication Date

06 July 2020

Status

Closed

Severity

N/A

CVSS Base Score

7.0

WorkAround

Affected CVE

CVE-2019-12418

Summary

Security Advisory ID : BSA-2020-1044

Component : Apache Tomcat

Revision : 1.0: Final

When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and gain complete control over the Tomcat instance.

Affected Products

No Brocade Fibre Channel Products from Broadcom are currently known to be affected by this vulnerability.

Revision History

Version	Change	Date
1.0	Initial Publication	Jul 07, 2020