3.3

CVE-2012-2377

JGroups diagnostics service in JBoss Enterprise Portal Platform before 5.2.2, SOA Platform before 5.3.0, and BRMS Platform before 5.3.0, is enabled without authentication when started by the JGroups channel, which allows remote attackers in adjacent networks to read diagnostics information via a crafted IP multicast.

Data is provided by the National Vulnerability Database (NVD)
Redhat Jboss Enterprise Portal Platform, Version 4.3.0, Update cp07
Redhat Jboss Enterprise Soa Platform, Version 4.2.0, Update cp01
Redhat Jboss Enterprise Soa Platform, Version 4.2.0, Update cp02
Redhat Jboss Enterprise Soa Platform, Version 4.2.0, Update cp03
Redhat Jboss Enterprise Soa Platform, Version 4.2.0, Update cp04
Redhat Jboss Enterprise Soa Platform, Version 4.2.0, Update cp05
Redhat Jboss Enterprise Soa Platform, Version 4.2.0, Update tp02
Redhat Jboss Enterprise Soa Platform, Version 4.3.0, Update cp01
Redhat Jboss Enterprise Soa Platform, Version 4.3.0, Update cp02
Redhat Jboss Enterprise Soa Platform, Version 4.3.0, Update cp03
Redhat Jboss Enterprise Soa Platform, Version 4.3.0, Update cp04
Redhat Jboss Enterprise Soa Platform, Version 4.3.0, Update cp05
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS metrics
| Type | Source | Score | Percentile |
|------|--------|-------|------------|
| EPSS | FIRST.org | 0.99% | 0.748 |
CVSS metrics
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|--------|------------|---------------|--------------|---------------|
| nvd@nist.gov | 3.3 | 6.5 | 2.9 | AV:A/AC:L/Au:N/C:P/I:N/A:N |
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.