3.5
CVE-2011-4573
- EPSS 0.81%
- Veröffentlicht 01.04.2014 06:35:52
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Red Hat JBoss Operations Network (JON) before 2.4.2 does not properly enforce "modify resource" permissions for remote authenticated users when deleting a plug-in configuration update from the group connection properties history, which prevents such activities from being recorded in the audit trail.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Redhat ≫ Jboss Operations Network Version <= 2.4.1
Redhat ≫ Jboss Operations Network Version1.0.0
Redhat ≫ Jboss Operations Network Version2.0.0
Redhat ≫ Jboss Operations Network Version2.0.1
Redhat ≫ Jboss Operations Network Version2.1.0
Redhat ≫ Jboss Operations Network Version2.2
Redhat ≫ Jboss Operations Network Version2.3
Redhat ≫ Jboss Operations Network Version2.3.1
Redhat ≫ Jboss Operations Network Version2.4
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.81% | 0.52 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 3.5 | 6.8 | 2.9 |
AV:N/AC:M/Au:S/C:N/I:P/A:N
|
http://rhn.redhat.com/errata/RHSA-2012-0089.html
https://bugzilla.redhat.com/show_bug.cgi?id=760024