123 matches found
Design/Logic Flaw
Red Hat JBoss Operations Network (JON) before 2.4.2 and 3.0.x before 3.0.1 does not check the JON agent key, which allows remote attackers to spoof the identity of arbitrary agents via the registered agent name...
CVE-2012-0052
CVE-2012-0052 affects Red Hat JBoss Operations Network (JBoss ON) 2.4.2 and 3.0.x before 3.0.1. The issue is a failure to validate the JON agent key, allowing remote attackers to spoof arbitrary agents by registering an agent name, potentially hijacking sessions and exfiltrating data (e.g., JMX creden...
CVE-2012-0062
Red Hat JBoss Operations Network (JBoss ON) is affected by CVE-2012-0062. Versions affected: JON before 2.4.2 and 3.0.x before 3.0.1. Root cause: an agent registration request could be processed without a valid security token. Impact: remote attackers can hijack an approved agent’s session and st...
CVE-2012-0052
Red Hat JBoss Operations Network (JON) before 2.4.2 and 3.0.x before 3.0.1 does not check the JON agent key, which allows remote attackers to spoof the identity of arbitrary agents via the registered agent name...
CVE-2012-0062
Red Hat JBoss Operations Network (JON) before 2.4.2 and 3.0.x before 3.0.1 allows remote attackers to hijack agent sessions via an agent registration request without a security token...
CVE-2012-1100
CVE-2012-1100 affects Red Hat JBoss Operations Network (JON) 3.0.x before 3.0.1 and 2.4.2 and earlier. When LDAP authentication is enabled and the LDAP bind account credentials are invalid, remote attackers can log into LDAP-based accounts by supplying any password in a login request. This is the...
Authentication flaw
Red Hat JBoss Operations Network 3.1.2 uses world-readable permissions for the (1) server and (2) agent configuration files, which allows local users to obtain authentication credentials and other unspecified sensitive information by reading these files...
CVE-2013-4452
Red Hat JBoss Operations Network 3.1.2 uses world-readable permissions for the (1) server and (2) agent configuration files, which allows local users to obtain authentication credentials and other unspecified sensitive information by reading these files...
CVE-2013-4452
The CVE-2013-4452 issue affects Red Hat JBoss Operations Network (JON) 3.1.2, where server and agent configuration files were world-readable, allowing local users to read authentication credentials and other sensitive information. The root cause is permissions misconfiguration on the configuratio...
ON: World readable configuration files expose sensitive data
Red Hat JBoss Operations Network 3.1.2 uses world-readable permissions for the (1) server and (2) agent configuration files, which allows local users to obtain authentication credentials and other unspecified sensitive information by reading these files...
Moderate: Red Hat Security Advisory: Red Hat JBoss Operations Network 3.1.2 update
An update for Red Hat JBoss Operations Network 3.1.2 that fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a...
CVE-2013-4293
The server in Red Hat JBoss Operations Network (JON) 3.1.2 logs passwords in plaintext, which allows local users to obtain sensitive information by reading the log files...
Design/Logic Flaw
The storeFiles method in JPADriftServerBean in Red Hat JBoss Operations Network (JON) 3.1.2 allows local users to load arbitrary drift files into a server by writing the files to the temporary directory that is used to unpack zip files...
CVE-2013-4373
The storeFiles method in JPADriftServerBean in Red Hat JBoss Operations Network (JON) 3.1.2 allows local users to load arbitrary drift files into a server by writing the files to the temporary directory that is used to unpack zip files...
CVE-2013-4293
CVE-2013-4293 affects Red Hat JBoss Operations Network (JON) 3.1.2. The server stores passwords in plaintext in log files, enabling a local attacker with log access to obtain sensitive credentials. This is a local, file-based disclosure vulnerability. The Red Hat advisory RHSA-2013:1448 notes a s...
CVE-2013-4293
The server in Red Hat JBoss Operations Network (JON) 3.1.2 logs passwords in plaintext, which allows local users to obtain sensitive information by reading the log files...
CVE-2013-4373
Red Hat JBoss Operations Network 3.1.2 is affected by CVE-2013-4373. The vulnerability is in JPADriftServerBean.storeFiles, which creates a predictable temporary directory when unpacking a zip file, allowing a local attacker to place their own drift files into the server. Impact is local, enablin...
Important: Red Hat Security Advisory: Red Hat JBoss Operations Network 3.1.2 update
An update for Red Hat JBoss Operations Network 3.1.2 that fixes multiple security issues is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which...
Drift: Malicious drift file import due to insecure temporary file usage
The storeFiles method in JPADriftServerBean in Red Hat JBoss Operations Network (JON) 3.1.2 allows local users to load arbitrary drift files into a server by writing the files to the temporary directory that is used to unpack zip files...
Server: Plaintext passwords in server logs
The server in Red Hat JBoss Operations Network (JON) 3.1.2 logs passwords in plaintext, which allows local users to obtain sensitive information by reading the log files...