CVE-2012-0052

Red Hat JBoss Operations Network (JON) before 2.4.2 and 3.0.x before 3.0.1 does not check the JON agent key, which allows remote attackers to spoof the identity of arbitrary agents via the registered agent name.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 52%
VendorProductVersion
redhatjboss_operations_network
𝑥
≤ 2.4.1
redhatjboss_operations_network
2.0.0
redhatjboss_operations_network
2.0.1
redhatjboss_operations_network
2.1.0
redhatjboss_operations_network
2.2
redhatjboss_operations_network
2.3
redhatjboss_operations_network
2.3.1
redhatjboss_operations_network
2.4
redhatjboss_operations_network
3.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://rhn.redhat.com/errata/RHSA-2012-0089.html
http://rhn.redhat.com/errata/RHSA-2012-0406.html
https://bugzilla.redhat.com/show_bug.cgi?id=781964
http://rhn.redhat.com/errata/RHSA-2012-0089.html
http://rhn.redhat.com/errata/RHSA-2012-0406.html
https://bugzilla.redhat.com/show_bug.cgi?id=781964