Auth bypass in Redhat Jboss_enterprise_brms_platform
CVE-2012-2377
JGroups diagnostics service in JBoss Enterprise Portal Platform before 5.2.2, SOA Platform before 5.3.0, and BRMS Platform before 5.3.0, is enabled without authentication when started by the JGroups channel, which allows remote attackers i…
Vulnerability class: Broken Authentication
EPSS: 0.010 (77.3th percentile)
Affected products
- Redhat Jboss_enterprise_brms_platform
- Redhat Jboss_enterprise_portal_platform — versions 4.3.0, 5.0.0, 5.0.1
- Redhat Jboss_enterprise_soa_platform — versions 4.2.0, 4.3.0, 5.0.0
References
- RHSA-2012:1028 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
- 54183 (vdb-entry, x_refsource_BID)
- RHSA-2013:0192 (x_refsource_REDHAT, vendor-advisory)
- RHSA-2013:0198 (x_refsource_REDHAT, vendor-advisory)
- RHSA-2013:0195 (x_refsource_REDHAT, vendor-advisory)
- RHSA-2013:0196 (x_refsource_REDHAT, vendor-advisory)
- 50084 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
- 83085 (x_refsource_OSVDB, vdb-entry)
- jboss-jgroups-info-disc(76540) (vdb-entry, x_refsource_XF)
- RHSA-2013:0193 (x_refsource_REDHAT, vendor-advisory)