3.3
CVE-2012-2377
- EPSS 1.45%
- Veröffentlicht 23.11.2012 20:55:02
- Zuletzt bearbeitet 16.06.2026 23:41:26
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
JGroups diagnostics service in JBoss Enterprise Portal Platform before 5.2.2, SOA Platform before 5.3.0, and BRMS Platform before 5.3.0, is enabled without authentication when started by the JGroups channel, which allows remote attackers in adjacent networks to read diagnostics information via a crafted IP multicast.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Redhat ≫ Jboss Enterprise Portal Platform Version <= 5.2.1
Redhat ≫ Jboss Enterprise Portal Platform Version4.3.0
Redhat ≫ Jboss Enterprise Portal Platform Version4.3.0 Updatecp07
Redhat ≫ Jboss Enterprise Portal Platform Version5.0.0
Redhat ≫ Jboss Enterprise Portal Platform Version5.0.1
Redhat ≫ Jboss Enterprise Portal Platform Version5.1.0
Redhat ≫ Jboss Enterprise Portal Platform Version5.1.1
Redhat ≫ Jboss Enterprise Portal Platform Version5.2.0
Redhat ≫ Jboss Enterprise Soa Platform Version <= 5.2.0
Redhat ≫ Jboss Enterprise Soa Platform Version4.2.0
Redhat ≫ Jboss Enterprise Soa Platform Version4.2.0 Updatecp01
Redhat ≫ Jboss Enterprise Soa Platform Version4.2.0 Updatecp02
Redhat ≫ Jboss Enterprise Soa Platform Version4.2.0 Updatecp03
Redhat ≫ Jboss Enterprise Soa Platform Version4.2.0 Updatecp04
Redhat ≫ Jboss Enterprise Soa Platform Version4.2.0 Updatecp05
Redhat ≫ Jboss Enterprise Soa Platform Version4.2.0 Updatetp02
Redhat ≫ Jboss Enterprise Soa Platform Version4.3.0
Redhat ≫ Jboss Enterprise Soa Platform Version4.3.0 Updatecp01
Redhat ≫ Jboss Enterprise Soa Platform Version4.3.0 Updatecp02
Redhat ≫ Jboss Enterprise Soa Platform Version4.3.0 Updatecp03
Redhat ≫ Jboss Enterprise Soa Platform Version4.3.0 Updatecp04
Redhat ≫ Jboss Enterprise Soa Platform Version4.3.0 Updatecp05
Redhat ≫ Jboss Enterprise Soa Platform Version5.0.0
Redhat ≫ Jboss Enterprise Soa Platform Version5.0.1
Redhat ≫ Jboss Enterprise Soa Platform Version5.0.2
Redhat ≫ Jboss Enterprise Soa Platform Version5.1.0
Redhat ≫ Jboss Enterprise Soa Platform Version5.1.1
Redhat ≫ Jboss Enterprise Brms Platform Version <= 5.2.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.45% | 0.699 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 3.3 | 6.5 | 2.9 |
AV:A/AC:L/Au:N/C:P/I:N/A:N
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
http://rhn.redhat.com/errata/RHSA-2012-1232.html
http://secunia.com/advisories/50549
http://secunia.com/advisories/50084
http://rhn.redhat.com/errata/RHSA-2013-0191.html
http://rhn.redhat.com/errata/RHSA-2013-0192.html
http://rhn.redhat.com/errata/RHSA-2013-0193.html
http://rhn.redhat.com/errata/RHSA-2013-0194.html
http://rhn.redhat.com/errata/RHSA-2013-0195.html
http://rhn.redhat.com/errata/RHSA-2013-0196.html
http://rhn.redhat.com/errata/RHSA-2013-0197.html
http://rhn.redhat.com/errata/RHSA-2013-0198.html
http://secunia.com/advisories/51984
http://rhn.redhat.com/errata/RHSA-2012-1028.html
http://rhn.redhat.com/errata/RHSA-2012-1125.html
http://secunia.com/advisories/49669
http://www.osvdb.org/83085
http://www.securityfocus.com/bid/54183
https://bugzilla.redhat.com/show_bug.cgi?id=823392
https://exchange.xforce.ibmcloud.com/vulnerabilities/76540