qtc-de / beanshooter

JMX enumeration and attacking tool.
GNU General Public License v3.0

DiagnosticCommand - Partial Lockdown #40

Open random-robbie opened 6 months ago

random-robbie commented 6 months ago

I don't suppose you have any other methods of RCE when ObjectName: com.sun.management:type=DiagnosticCommand looks like this? Even with admin:admin on a Wowza server I'm checking out, a number of things are locked down well.

[Screenshot 2024-01-11 at 21 32 20]

qtc-de commented 6 months ago

No aces in my sleeve for this one :smiling_face_with_tear: However, if you are not accessing JMX via Jolokia, you might be able to utilize the standard or model actions.

Moreover, running the info action without further arguments prints method summaries for all MBeans. If you are lucky you may find some previously unknown methods that can lead to RCE :upside_down_face: