CVE-2024-32656: Insecure Jmx Authentication
Java Management Extensions (JMX) is configured with authentication disabled (`com.sun.management.jmxremote.authenticate=false`). This allows any user who can connect to the JMX port (even locally) to execute arbitrary code by remotely loading an MBean. Remove this configuration or set it to 'true' and ensure proper authentication.
greprules fetch cve-2024-32656-insecure-jmx-authentication --engine opengrepDescription
Java Management Extensions (JMX) is configured with authentication disabled (`com.sun.management.jmxremote.authenticate=false`). This allows any user who can connect to the JMX port (even locally) to execute arbitrary code by remotely loading an MBean. Remove this configuration or set it to 'true' and ensure proper authentication.
Detection target
Not provided
Recommended fix
Not provided
False-positive notes
Not provided
Community feedback
Sign in to report false positives, mark this rule useful, or suggest metadata improvements.