CVE-2016-5062 (aternity)
The web server in Aternity 9 and earlier does not require authentication for getMBeansFromURL loading of Java MBeans, which allows remote attackers to execute arbitrary Java code by registering MBeans.
Source: CVE-2016-5062 (aternity)