Design/Logic Flaw

Red Hat JBoss Operations Network 3.3.1 does not properly restrict access to certain APIs, which allows remote attackers to execute arbitrary Java methods via the 1 ServerInvokerServlet or 2 SchedulerService or 3 cause a denial of service disk consumption via the ContentManager...

CVE-2015-0297

Red Hat JBoss Operations Network 3.3.1 is affected by CVE-2015-0297. The issue arises because the server did not correctly restrict access to certain remote APIs, enabling a remote, unauthenticated attacker to execute arbitrary Java methods via the ServerInvokerServlet or SchedulerService, and po...

CVE-2015-0297

Red Hat JBoss Operations Network 3.3.1 does not properly restrict access to certain APIs, which allows remote attackers to execute arbitrary Java methods via the 1 ServerInvokerServlet or 2 SchedulerService or 3 cause a denial of service disk consumption via the ContentManager...

Critical: Red Hat Security Advisory: Red Hat JBoss Operations Network 3.3.1 security update

An update for Red Hat JBoss Operations Network 3.3 update 1, which fixes one security issue is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System CVSS base score, which gives a...

Moderate: Red Hat Security Advisory: Red Hat JBoss Operations Network 3.3.1 update

Red Hat JBoss Operations Network 3.3 update 1, which fixes one security issue and several bugs, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give...

Important: Red Hat Security Advisory: Red Hat JBoss Operations Network 3.3.0 update

Red Hat JBoss Operations Network 3.2.3, which fixes multiple security issues and several bugs, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give...

Moderate: Red Hat Security Advisory: Red Hat JBoss Operations Network 3.2.3 update

Red Hat JBoss Operations Network 3.2.3, which fixes two security issues and several bugs, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed...

Important: Red Hat Security Advisory: Red Hat JBoss Operations Network 3.2.2 update

Red Hat JBoss Operations Network 3.2.2, which fixes multiple security issues and several bugs, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, whi...

Important: Red Hat Security Advisory: Red Hat JBoss Operations Network 3.2.1 security update

An update for Red Hat JBoss Operations Network 3.2.1, which fixes two security issues, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give...

Moderate: Red Hat Security Advisory: Red Hat JBoss Operations Network 3.2.1 update

Red Hat JBoss Operations Network 3.2.1, which fixes two security issues and several bugs, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which giv...

CVE-2012-0032

Red Hat JBoss Operations Network JON before 3.0.1 uses 0777 permissions for the root directory when installing a remote client, which allows local users to read or modify subdirectories and files within the root directory, as demonstrated by obtaining JON credentials...

Design/Logic Flaw

Red Hat JBoss Operations Network JON before 3.0.1 uses 0777 permissions for the root directory when installing a remote client, which allows local users to read or modify subdirectories and files within the root directory, as demonstrated by obtaining JON credentials...

Design/Logic Flaw

Red Hat JBoss Operations Network JON before 2.4.2 does not properly enforce "modify resource" permissions for remote authenticated users when deleting a plug-in configuration update from the group connection properties history, which prevents such activities from being recorded in the audit trail...

CVE-2011-4573

Red Hat JBoss Operations Network (JON) 2.4.1 and earlier versions are affected by CVE-2011-4573. The flaw allows remote authenticated users to bypass modify resource permissions when deleting a plug-in configuration update from the group connection properties history, enabling deletion from the a...

CVE-2012-0032

CVE-2012-0032 affects Red Hat JBoss Operations Network (JON) prior to 3.0.1. The root directory is created with 0777 permissions when installing the remote client, enabling local users to read or modify subdirectories/files and potentially obtain JON credentials. This is a local-privilege-concern...

CVE-2012-0032

Red Hat JBoss Operations Network JON before 3.0.1 uses 0777 permissions for the root directory when installing a remote client, which allows local users to read or modify subdirectories and files within the root directory, as demonstrated by obtaining JON credentials...

CVE-2011-4573

Red Hat JBoss Operations Network JON before 2.4.2 does not properly enforce "modify resource" permissions for remote authenticated users when deleting a plug-in configuration update from the group connection properties history, which prevents such activities from being recorded in the audit trail...

CVE-2012-0052

Red Hat JBoss Operations Network JON before 2.4.2 and 3.0.x before 3.0.1 does not check the JON agent key, which allows remote attackers to spoof the identity of arbitrary agents via the registered agent name...

CVE-2012-0062

Red Hat JBoss Operations Network JON before 2.4.2 and 3.0.x before 3.0.1 allows remote attackers to hijack agent sessions via an agent registration request without a security token...

Design/Logic Flaw

Red Hat JBoss Operations Network JON before 2.4.2 and 3.0.x before 3.0.1 allows remote attackers to hijack agent sessions via an agent registration request without a security token...