Lucene search

K
cve[email protected]CVE-2012-1100
HistoryFeb 14, 2014 - 3:55 p.m.

CVE-2012-1100

2014-02-1415:55:04
CWE-287
web.nvd.nist.gov
17
red hat
jboss
operations network
jon
ldap
authentication
remote attackers
cve-2012-1100

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

7.4 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.6%

Red Hat JBoss Operations Network (JON) 3.0.x before 3.0.1, 2.4.2, and earlier, when LDAP authentication is enabled and the LDAP bind account credentials are invalid, allows remote attackers to login to LDAP-based accounts via an arbitrary password in a login request.

Affected configurations

NVD
Node
redhatjboss_operations_networkRange2.4.1
OR
redhatjboss_operations_networkMatch2.0.0
OR
redhatjboss_operations_networkMatch2.0.1
OR
redhatjboss_operations_networkMatch2.1.0
OR
redhatjboss_operations_networkMatch2.2
OR
redhatjboss_operations_networkMatch2.3
OR
redhatjboss_operations_networkMatch2.3.1
OR
redhatjboss_operations_networkMatch2.4
OR
redhatjboss_operations_networkMatch3.0

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

7.4 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.6%

Related for CVE-2012-1100