Improper input validation in Redhat Jboss_operations_network

CVE-2013-4373

The storeFiles method in JPADriftServerBean in Red Hat JBoss Operations Network (JON) 3.1.2 allows local users to load arbitrary drift files into a server by writing the files to the temporary directory that is used to unpack zip files.

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.001 (16.3th percentile) — read the EPSS interpretation.

Affected products

Redhat Jboss_operations_network — versions 3.1.2
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

jon-cve20134373-insecure-permissions(88179) (vdb-entry, x_refsource_XF)
secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
RHSA-2013:1448 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)