Auth bypass in Redhat Jboss_enterprise_portal_platform

CVE-2013-2102

The default configuration of Red Hat JBoss Portal before 6.1.0 enables the JGroups diagnostics service with no authentication when a JGroups channel is started, which allows remote attackers to obtain sensitive information (diagnostics) by…

Vulnerability class: Broken Authentication

EPSS: 0.001 (33.7th percentile) — read the EPSS interpretation.

Affected products

Redhat Jboss_enterprise_portal_platform — versions 4.3.0, 5.0.0, 5.0.1
N/a — versions n/a

Weakness classification (CWE)

CWE-287 — Improper Authentication

References

RHSA-2013:1437 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
secalert@redhat.com (x_refsource_CONFIRM)