3.3

CVE-2012-2377

EPSS 0.99%
Veröffentlicht 23.11.2012 20:55:02
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

JGroups diagnostics service in JBoss Enterprise Portal Platform before 5.2.2, SOA Platform before 5.3.0, and BRMS Platform before 5.3.0, is enabled without authentication when started by the JGroups channel, which allows remote attackers in adjacent networks to read diagnostics information via a crafted IP multicast.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 22

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Redhat ≫ Jboss Enterprise Portal Platform Version <= 5.2.1

Redhat ≫ Jboss Enterprise Portal Platform Version4.3.0

Redhat ≫ Jboss Enterprise Portal Platform Version4.3.0 Updatecp07

Redhat ≫ Jboss Enterprise Portal Platform Version5.0.0

Redhat ≫ Jboss Enterprise Portal Platform Version5.0.1

Redhat ≫ Jboss Enterprise Portal Platform Version5.1.0

Redhat ≫ Jboss Enterprise Portal Platform Version5.1.1

Redhat ≫ Jboss Enterprise Portal Platform Version5.2.0

Redhat ≫ Jboss Enterprise Soa Platform Version <= 5.2.0

Redhat ≫ Jboss Enterprise Soa Platform Version4.2.0

Redhat ≫ Jboss Enterprise Soa Platform Version4.2.0 Updatecp01

Redhat ≫ Jboss Enterprise Soa Platform Version4.2.0 Updatecp02

Redhat ≫ Jboss Enterprise Soa Platform Version4.2.0 Updatecp03

Redhat ≫ Jboss Enterprise Soa Platform Version4.2.0 Updatecp04

Redhat ≫ Jboss Enterprise Soa Platform Version4.2.0 Updatecp05

Redhat ≫ Jboss Enterprise Soa Platform Version4.2.0 Updatetp02

Redhat ≫ Jboss Enterprise Soa Platform Version4.3.0

Redhat ≫ Jboss Enterprise Soa Platform Version4.3.0 Updatecp01

Redhat ≫ Jboss Enterprise Soa Platform Version4.3.0 Updatecp02

Redhat ≫ Jboss Enterprise Soa Platform Version4.3.0 Updatecp03

Redhat ≫ Jboss Enterprise Soa Platform Version4.3.0 Updatecp04

Redhat ≫ Jboss Enterprise Soa Platform Version4.3.0 Updatecp05

Redhat ≫ Jboss Enterprise Soa Platform Version5.0.0

Redhat ≫ Jboss Enterprise Soa Platform Version5.0.1

Redhat ≫ Jboss Enterprise Soa Platform Version5.0.2

Redhat ≫ Jboss Enterprise Soa Platform Version5.1.0

Redhat ≫ Jboss Enterprise Soa Platform Version5.1.1

Redhat ≫ Jboss Enterprise Brms Platform Version <= 5.2.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.99%	0.748

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	3.3	6.5	2.9	AV:A/AC:L/Au:N/C:P/I:N/A:N

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://rhn.redhat.com/errata/RHSA-2012-1232.html

Vendor Advisory

http://secunia.com/advisories/50549

Vendor Advisory

http://secunia.com/advisories/50084

Vendor Advisory

http://rhn.redhat.com/errata/RHSA-2013-0191.html

http://rhn.redhat.com/errata/RHSA-2013-0192.html

http://rhn.redhat.com/errata/RHSA-2013-0193.html

http://rhn.redhat.com/errata/RHSA-2013-0194.html

http://rhn.redhat.com/errata/RHSA-2013-0195.html

http://rhn.redhat.com/errata/RHSA-2013-0196.html

http://rhn.redhat.com/errata/RHSA-2013-0197.html

http://rhn.redhat.com/errata/RHSA-2013-0198.html

http://secunia.com/advisories/51984

http://rhn.redhat.com/errata/RHSA-2012-1028.html

Vendor Advisory

http://rhn.redhat.com/errata/RHSA-2012-1125.html

Vendor Advisory

http://secunia.com/advisories/49669

Vendor Advisory

http://www.osvdb.org/83085

http://www.securityfocus.com/bid/54183

https://bugzilla.redhat.com/show_bug.cgi?id=823392

https://exchange.xforce.ibmcloud.com/vulnerabilities/76540

https://nvd.nist.gov/vuln/detail/CVE-2012-2377

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-2377

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-2377

EUVD