{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-02T11:46:36.385","vulnerabilities":[{"cve":{"id":"CVE-2019-0187","sourceIdentifier":"security@apache.org","published":"2019-03-06T17:29:00.383","lastModified":"2024-11-21T04:16:26.397","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated RCE is possible when JMeter is used in distributed mode (-r or -R command line options). Attacker can establish a RMI connection to a jmeter-server using RemoteJMeterEngine and proceed with an attack using untrusted data deserialization. This only affect tests running in Distributed mode. Note that versions before 4.0 are not able to encrypt traffic between the nodes, nor authenticate the participating nodes so upgrade to JMeter 5.1 is also advised."},{"lang":"es","value":"La ejecución remota de código (RCE) autenticada es posible cuando JMeter se utiliza en su modo de distribución (en las opciones de línea de comando -r o -R). Un atacante puede establecer una conexión RMI a un servidor jmeter utilizando RemoteJMeterEngine y proceder con un ataque mediante el uso de una deserialización de datos no confiable. Esto solo afecta a la pruebas en ejecución en el modo distribuido. Nótese que las versiones anteriores a la 4.0 no son capaces de cifrar el tráfico entre los nodos ni de identificar los nodos que participan, por lo que se aconseja actualizar a JMeter 5.1."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-327"},{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:jmeter:4.0:*:*:*:*:*:*:*","matchCriteriaId":"7207C91F-9D2B-4525-B1CE-6C6B358B24A2"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:jmeter:5.0:*:*:*:*:*:*:*","matchCriteriaId":"20C4FF95-8BBB-4EF2-BDF9-8260BDB3411F"}]}]}],"references":[{"url":"http://mail-archives.apache.org/mod_mbox/jmeter-user/201903.mbox/%3CCAH9fUpaUQaFbgY1Zh4OvKSL4wdvGAmVt%2Bn4fegibDoAxK5XARw%40mail.gmail.com%3E","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/107219","source":"security@apache.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://mail-archives.apache.org/mod_mbox/jmeter-user/201903.mbox/%3CCAH9fUpaUQaFbgY1Zh4OvKSL4wdvGAmVt%2Bn4fegibDoAxK5XARw%40mail.gmail.com%3E","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/107219","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}}]}