Auth bypass in Red Hat JBoss Operations Network
CVE-2012-1100
Red Hat JBoss Operations Network (JON) 3.0.x before 3.0.1, 2.4.2, and earlier, when LDAP authentication is enabled and the LDAP bind account credentials are invalid, allows remote attackers to log in to LDAP-based accounts via an arbitrary…
Vulnerability class: Broken Authentication
EPSS: 0.003 (54.1th percentile)
Affected products
- Red Hat JBoss Operations Network — versions 2.0.0, 2.0.1, 2.1.0
References
- secalert@redhat.com (x_refsource_CONFIRM)
- RHSA-2012:0396 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
- RHSA-2012:0406 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)