Auth bypass in Red Hat JBoss Operations Network
CVE-2012-0062
Red Hat JBoss Operations Network (JON) before 2.4.2 and 3.0.x before 3.0.1 allows remote attackers to hijack agent sessions via an agent registration request without a security token.
Vulnerability class: Broken Authentication
EPSS: 0.003 (51.1th percentile)
Affected products
- Red Hat JBoss Operations Network — versions 2.0.0, 2.0.1, 2.1.0
Weakness classification (CWE)
References
- RHSA-2012:0089 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
- secalert@redhat.com (x_refsource_CONFIRM)
- RHSA-2012:0406 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)