Improper input validation in Redhat Jboss_operations_network

CVE-2012-0052

Red Hat JBoss Operations Network (JON) before 2.4.2 and 3.0.x before 3.0.1 does not check the JON agent key, which allows remote attackers to spoof the identity of arbitrary agents via the registered agent name.

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.003 (53.5th percentile) — read the EPSS interpretation.

Affected products

Redhat Jboss_operations_network — versions 2.0.0, 2.0.1, 2.1.0
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

secalert@redhat.com (x_refsource_CONFIRM)
RHSA-2012:0089 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
RHSA-2012:0406 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)