CVE-2012-1100

Red Hat JBoss Operations Network (JON) 3.0.x before 3.0.1, 2.4.2, and earlier, when LDAP authentication is enabled and the LDAP bind account credentials are invalid, allows remote attackers to login to LDAP-based accounts via an arbitrary password in a login request.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 53%
VendorProductVersion
redhatjboss_operations_network
𝑥
≤ 2.4.1
redhatjboss_operations_network
2.0.0
redhatjboss_operations_network
2.0.1
redhatjboss_operations_network
2.1.0
redhatjboss_operations_network
2.2
redhatjboss_operations_network
2.3
redhatjboss_operations_network
2.3.1
redhatjboss_operations_network
2.4
redhatjboss_operations_network
3.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://rhn.redhat.com/errata/RHSA-2012-0396.html
http://rhn.redhat.com/errata/RHSA-2012-0406.html
https://bugzilla.redhat.com/show_bug.cgi?id=799789
http://rhn.redhat.com/errata/RHSA-2012-0396.html
http://rhn.redhat.com/errata/RHSA-2012-0406.html
https://bugzilla.redhat.com/show_bug.cgi?id=799789