3.3 Low
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:A/AC:L/Au:N/C:P/I:N/A:N
0.004 Low
EPSS
Percentile
74.3%
JGroups diagnostics service in JBoss Enterprise Portal Platform before
5.2.2, SOA Platform before 5.3.0, and BRMS Platform before 5.3.0, is
enabled without authentication when started by the JGroups channel, which
allows remote attackers in adjacent networks to read diagnostics
information via a crafted IP multicast.
Author | Note |
---|---|
tyhicks | Per Debian, not affected |