H3-2022-0035¶

Unauthenticated Access to JavaMelody Monitoring Console

Description¶

JavaMelody is used to monitor Java applications and if incorrectly configured sensitive information could be exposed.

Impact¶

Sensitive environment information and user session data may be leaked to attackers allowing for further exploitation.

References¶

• JavaMelody User Guide
• Blog Post that Includes JavaMelody Exploitation
• CWE-215: Insertion of Sensitive Information Into Debugging Code