ID CVE-2014-8120
Summary The agent in Thermostat before 1.0.6, when using unspecified configurations, allows local users to obtain the JMX management URLs of all local Java virtual machines and gain privileges via unknown vectors.
References
Vulnerable Configurations
  • cpe:2.3:a:thermostat_project:thermostat:*:*:*:*:*:*:*:*
    cpe:2.3:a:thermostat_project:thermostat:*:*:*:*:*:*:*:*
CVSS
Base: 4.4 (as of 13-02-2023 - 00:43)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
LOCAL MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:L/AC:M/Au:N/C:P/I:P/A:P
redhat via4
advisories
rhsa
id RHSA-2014:2000
rpms
  • thermostat1-thermostat-0:1.0.4-60.6.el6
  • thermostat1-thermostat-0:1.0.4-70.6.el7
  • thermostat1-thermostat-debuginfo-0:1.0.4-60.6.el6
  • thermostat1-thermostat-debuginfo-0:1.0.4-70.6.el7
  • thermostat1-thermostat-javadoc-0:1.0.4-60.6.el6
  • thermostat1-thermostat-javadoc-0:1.0.4-70.6.el7
  • thermostat1-thermostat-webapp-0:1.0.4-60.6.el6
  • thermostat1-thermostat-webapp-0:1.0.4-70.6.el7
refmap via4
mlist [Thermostat-announce] 20141216 [SECURITY UPDATE] Thermostat 1.0.6 update released!
Last major update 13-02-2023 - 00:43
Published 18-12-2014 - 15:59
Last modified 13-02-2023 - 00:43
Back to Top