Skip to main content

Jboss Operations Network CVE-2013-4373

LOW
Improper Input Validation (CWE-20)
2013-10-24 secalert@redhat.com
3.2
CVSS 2.0 · NVD

Severity by source

NVD PRIMARY
3.2 LOW
AV:L/AC:L/Au:S/C:N/I:P/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:L/AC:L/Au:S/C:N/I:P/A:P
Attack Vector
Local
Attack Complexity
Low
Confidentiality
None
Integrity
P
Availability
P

Lifecycle Timeline

1
CVE Published
Oct 24, 2013 - 03:48 cve.org
LOW 3.2

DescriptionCVE.org

The storeFiles method in JPADriftServerBean in Red Hat JBoss Operations Network (JON) 3.1.2 allows local users to load arbitrary drift files into a server by writing the files to the temporary directory that is used to unpack zip files.

AnalysisAI

The storeFiles method in JPADriftServerBean in Red Hat JBoss Operations Network (JON) 3.1.2 allows local users to load arbitrary drift files into a server by writing the files to the temporary. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-20. The storeFiles method in JPADriftServerBean in Red Hat JBoss Operations Network (JON) 3.1.2 allows local users to load arbitrary drift files into a server by writing the files to the temporary directory that is used to unpack zip files. Affected products include: Redhat Jboss Operations Network.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2015-7501 CRITICAL
9.8 Nov 09

Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5

CVE-2021-4104 HIGH
7.5 Dec 14

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Lo

CVE-2016-6330 CRITICAL
9.8 Sep 27

The server in Red Hat JBoss Operations Network (JON), when SSL authentication is not configured for JON server / agent c

CVE-2013-2165 HIGH
7.5 Jul 23

ResourceBuilderImpl.java in the RichFaces 3.x through 5.x implementation in Red Hat JBoss Web Framework Kit before 2.3.0

CVE-2016-3737 CRITICAL
9.8 Aug 02

The server in Red Hat JBoss Operations Network (JON) before 3.3.6 allows remote attackers to execute arbitrary code via

CVE-2015-0297 CRITICAL
9.0 Apr 24

Red Hat JBoss Operations Network 3.3.1 does not properly restrict access to certain APIs, which allows remote attackers

CVE-2016-5422 HIGH
8.8 Sep 07

The web console in Red Hat JBoss Operations Network (JON) before 3.3.7 does not properly authorize requests to add users

CVE-2019-3834 HIGH
7.3 Oct 03

It was found that the fix for CVE-2014-0114 had been reverted in JBoss Operations Network 3 (JON). Rated high severity (

CVE-2012-1100 MEDIUM
5.8 Feb 14

Red Hat JBoss Operations Network (JON) 3.0.x before 3.0.1, 2.4.2, and earlier, when LDAP authentication is enabled and t

CVE-2012-0052 MEDIUM
5.8 Feb 14

Red Hat JBoss Operations Network (JON) before 2.4.2 and 3.0.x before 3.0.1 does not check the JON agent key, which allow

CVE-2012-0062 MEDIUM
5.8 Feb 14

Red Hat JBoss Operations Network (JON) before 2.4.2 and 3.0.x before 3.0.1 allows remote attackers to hijack agent sessi

CVE-2015-3267 MEDIUM
4.3 Aug 11

Cross-site scripting (XSS) vulnerability in the 404 error page in Red Hat JBoss Operations Network before 3.3.3 allows r

Share

CVE-2013-4373 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy