Sep 20, 2011 - 5:55 a.m.

CVE-2011-2925

2011-09-20 05:55:02
CWE-287
web.nvd.nist.gov
cve-2011-2925
cumin
red hat
enterprise messaging
realtime
grid (mrg) 2.0
authentication bypass
unauthorized actions
security vulnerability

CVSS2: 4.6 Medium
Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

AI Score: 6.5 Medium (Confidence: Low)
EPSS: 0.0004 Low (Percentile: 5.1%)

Cumin in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0 records broker authentication credentials in a log file, which allows local users to bypass authentication and perform unauthorized actions on jobs and message queues via a direct connection to the broker.

Affected configurations

NVD
Node: redhat enterprise_mrg, Match 2.0
