CVE-2016-5062 (aternity)

The web server in Aternity 9 and earlier does not require authentication for getMBeansFromURL loading of Java MBeans, which allows remote attackers to execute arbitrary Java code by registering MBeans.

Source: CVE-2016-5062 (aternity)