Lucene search

PRIOn knowledge basePRION:CVE-2013-2102

HistoryOct 28, 2013 - 9:55 p.m.

Default configuration

2013-10-2821:55:00

PRIOn knowledge base

www.prio-n.com

6.9 Medium

AI Score

Confidence

Low

3.3 Low

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:A/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

59.5%

JSON

The default configuration of Red Hat JBoss Portal before 6.1.0 enables the JGroups diagnostics service with no authentication when a JGroups channel is started, which allows remote attackers to obtain sensitive information (diagnostics) by accessing the service.

CPENameOperatorVersion
jboss_enterprise_portal_platformeq5.2.2
jboss_enterprise_portal_platformeq5.0.0
jboss_enterprise_portal_platformeq5.1.1
jboss_enterprise_portal_platformeq5.1.0
jboss_enterprise_portal_platformeq5.2.1
jboss_enterprise_portal_platformeq4.3.0
jboss_enterprise_portal_platformeq5.2.0
jboss_enterprise_portal_platformeq5.0.1
jboss_enterprise_portal_platformle6.0.0

Name	Operator	Version
jboss_enterprise_portal_platform	eq	5.2.2
jboss_enterprise_portal_platform	eq	5.0.0
jboss_enterprise_portal_platform	eq	5.1.1
jboss_enterprise_portal_platform	eq	5.1.0
jboss_enterprise_portal_platform	eq	5.2.1
jboss_enterprise_portal_platform	eq	4.3.0
jboss_enterprise_portal_platform	eq	5.2.0
jboss_enterprise_portal_platform	eq	5.0.1
jboss_enterprise_portal_platform	le	6.0.0

References

rhn.redhat.com/errata/RHSA-2013-1437.html

bugzilla.redhat.com/show_bug.cgi?id=963984

6.9 Medium

AI Score

Confidence

Low

3.3 Low

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:A/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

59.5%

JSON

Related for PRION:CVE-2013-2102