Skip to main content

Jboss Operations Network CVE-2012-1100

MEDIUM
Improper Authentication (CWE-287)
2014-02-14 secalert@redhat.com
5.8
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
5.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:M/Au:N/C:P/I:P/A:N
Attack Vector
Network
Attack Complexity
M
Confidentiality
P
Integrity
P
Availability
None

Lifecycle Timeline

1
CVE Published
Feb 14, 2014 - 15:55 cve.org
MEDIUM 5.8

DescriptionCVE.org

Red Hat JBoss Operations Network (JON) 3.0.x before 3.0.1, 2.4.2, and earlier, when LDAP authentication is enabled and the LDAP bind account credentials are invalid, allows remote attackers to login to LDAP-based accounts via an arbitrary password in a login request.

AnalysisAI

Red Hat JBoss Operations Network (JON) 3.0.x before 3.0.1, 2.4.2, and earlier, when LDAP authentication is enabled and the LDAP bind account credentials are invalid, allows remote attackers to login. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Improper Authentication (CWE-287), which allows attackers to bypass authentication mechanisms to gain unauthorized access. Red Hat JBoss Operations Network (JON) 3.0.x before 3.0.1, 2.4.2, and earlier, when LDAP authentication is enabled and the LDAP bind account credentials are invalid, allows remote attackers to login to LDAP-based accounts via an arbitrary password in a login request. Affected products include: Redhat Jboss Operations Network. Version information: before 3.0.1.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement multi-factor authentication, enforce strong password policies, use proven authentication frameworks.

CVE-2015-7501 CRITICAL
9.8 Nov 09

Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5

CVE-2021-4104 HIGH
7.5 Dec 14

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Lo

CVE-2016-6330 CRITICAL
9.8 Sep 27

The server in Red Hat JBoss Operations Network (JON), when SSL authentication is not configured for JON server / agent c

CVE-2013-2165 HIGH
7.5 Jul 23

ResourceBuilderImpl.java in the RichFaces 3.x through 5.x implementation in Red Hat JBoss Web Framework Kit before 2.3.0

CVE-2016-3737 CRITICAL
9.8 Aug 02

The server in Red Hat JBoss Operations Network (JON) before 3.3.6 allows remote attackers to execute arbitrary code via

CVE-2015-0297 CRITICAL
9.0 Apr 24

Red Hat JBoss Operations Network 3.3.1 does not properly restrict access to certain APIs, which allows remote attackers

CVE-2016-5422 HIGH
8.8 Sep 07

The web console in Red Hat JBoss Operations Network (JON) before 3.3.7 does not properly authorize requests to add users

CVE-2019-3834 HIGH
7.3 Oct 03

It was found that the fix for CVE-2014-0114 had been reverted in JBoss Operations Network 3 (JON). Rated high severity (

CVE-2012-0052 MEDIUM
5.8 Feb 14

Red Hat JBoss Operations Network (JON) before 2.4.2 and 3.0.x before 3.0.1 does not check the JON agent key, which allow

CVE-2012-0062 MEDIUM
5.8 Feb 14

Red Hat JBoss Operations Network (JON) before 2.4.2 and 3.0.x before 3.0.1 allows remote attackers to hijack agent sessi

CVE-2015-3267 MEDIUM
4.3 Aug 11

Cross-site scripting (XSS) vulnerability in the 404 error page in Red Hat JBoss Operations Network before 3.3.3 allows r

CVE-2014-7853 MEDIUM
4.0 Feb 13

The JBoss Application Server (WildFly) JacORB subsystem in Red Hat JBoss Enterprise Application Platform (EAP) before 6.

Share

CVE-2012-1100 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy