JGroups: Authorization bypass

🗓️ 23 Jun 2016 21:07:16Reported by RedHatType

JGroups authorization bypass lets new nodes join without required encrypt and authentication headers, risking disclosure and spoofing.

Reporter	Title	Published	Views	Family All 71
CNVD	Red Hat JBoss Enterprise Application Platform Security Bypass Vulnerability	28 Jun 201600:00	–	cnvd
CVE	CVE-2016-2141	30 Jun 201600:00	–	cve
Cvelist	CVE-2016-2141	30 Jun 201600:00	–	cvelist
Debian CVE	CVE-2016-2141	30 Jun 201600:00	–	debiancve
EUVD	EUVD-2022-5146	3 Oct 202520:07	–	euvd
Github Security Blog	Improper Input Validation in JGroups	13 May 202201:03	–	github
Tenable Nessus	Juniper Junos Space < 17.2R1 Multiple Vulnerabilities (JSA10838)	21 Mar 201800:00	–	nessus
Tenable Nessus	Oracle Siebel Server 8.5.1.x <= 8.5.1.7 / 8.6.0 / 8.6.1 (April 2019 CPU)	11 Dec 202400:00	–	nessus
Tenable Nessus	RHEL 5 / 6 : Red Hat JBoss Enterprise Application Platform 5.2 (RHSA-2016:1328)	27 Jun 201600:00	–	nessus
Tenable Nessus	RHEL 5 / 6 / 7 : Red Hat JBoss Enterprise Application Platform 6.4 (RHSA-2016:1330)	27 Jun 201600:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Red Hat Enterprise Linux	4	any	jgroups	1:2.6.22-2.ep5.el4.noarch	jgroups-1:2.6.22-2.ep5.el4.noarch.noarch.rpm
Red Hat Enterprise Linux	5	any	jgroups	1:2.6.22-2.ep5.el5.noarch	jgroups-1:2.6.22-2.ep5.el5.noarch.noarch.rpm
Red Hat Enterprise Linux	6	any	jgroups	1:2.6.22-2.ep5.el6.noarch	jgroups-1:2.6.22-2.ep5.el6.noarch.noarch.rpm

Source	Link
access	www.access.redhat.com/security/cve/CVE-2016-2141
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
nvd	www.nvd.nist.gov/vuln/detail/CVE-2016-2141
cve	www.cve.org/CVERecord

14 May 2026 22:23Current

6.6Medium risk

Vulners AI Score6.6

CVSS 27.5

CVSS 3.19.8

EPSS0.01131