CVSS: 9.8EPSS: 0%CPEs: 9EXPL: 0CVE-2012-1100 – JON: LDAP authentication allows any user access if bind credentials are bad
https://notcve.org/view.php?id=CVE-2012-1100
14 Feb 2014 — Red Hat JBoss Operations Network (JON) 3.0.x before 3.0.1, 2.4.2, and earlier, when LDAP authentication is enabled and the LDAP bind account credentials are invalid, allows remote attackers to login to LDAP-based accounts via an arbitrary password in a login request. Red Hat JBoss Operations Network (JON) 3.0.x anterior a 3.0.1, 2.4.2 y anteriores, cuando la autenticación LDAP está habilitada y las credenciales de la cuenta LDAP bind no son válidos, permite a atacantes remotos iniciar una sesión en cuentas ... • http://rhn.redhat.com/errata/RHSA-2012-0396.html • CWE-287: Improper Authentication •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2013-4452 – ON: World readable configuration files expose sensitive data
https://notcve.org/view.php?id=CVE-2013-4452
26 Nov 2013 — Red Hat JBoss Operations Network 3.1.2 uses world-readable permissions for the (1) server and (2) agent configuration files, which allows local users to obtain authentication credentials and other unspecified sensitive information by reading these files. Red Hat JBoss Operations Network 3.1.2 utiliza permisos de lectura globales para ficheros de configuración de (1) servidor y (2) agente, lo cual permite a usuarios locales obtener credenciales de autenticación y otra información sensible no especificada med... • http://rhn.redhat.com/errata/RHSA-2013-1762.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2013-4293 – Server: Plaintext passwords in server logs
https://notcve.org/view.php?id=CVE-2013-4293
21 Oct 2013 — The server in Red Hat JBoss Operations Network (JON) 3.1.2 logs passwords in plaintext, which allows local users to obtain sensitive information by reading the log files. El servidor en Red Hat JBoss Operations Network (JON) 3.1.2 loguea contraseñas en texto plano, lo que permite a usuarios locales obtener informació sensible leyendo los archivos de log. Red Hat JBoss Operations Network is a middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterpris... • http://rhn.redhat.com/errata/RHSA-2013-1448.html • CWE-310: Cryptographic Issues •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2013-4373 – Drift: Malicious drift file import due to insecure temporary file usage
https://notcve.org/view.php?id=CVE-2013-4373
21 Oct 2013 — The storeFiles method in JPADriftServerBean in Red Hat JBoss Operations Network (JON) 3.1.2 allows local users to load arbitrary drift files into a server by writing the files to the temporary directory that is used to unpack zip files. El método storeFiles en JPADriftServerBean en Red Hat JBoss Operations Network (JON) 3.1.2 permite a usuarios locales cargar archivos drift arbitrarios en el servidor escribiendo los archivos al directorio temporal que es utilizado para descomprimir archivos zip. Red Hat JBo... • http://rhn.redhat.com/errata/RHSA-2013-1448.html • CWE-20: Improper Input Validation CWE-377: Insecure Temporary File •
CVSS: 7.5EPSS: 34%CPEs: 99EXPL: 2CVE-2013-2165 – RichFaces: Remote code execution due to insecure deserialization
https://notcve.org/view.php?id=CVE-2013-2165
10 Jul 2013 — ResourceBuilderImpl.java in the RichFaces 3.x through 5.x implementation in Red Hat JBoss Web Framework Kit before 2.3.0, Red Hat JBoss Web Platform through 5.2.0, Red Hat JBoss Enterprise Application Platform through 4.3.0 CP10 and 5.x through 5.2.0, Red Hat JBoss BRMS through 5.3.1, Red Hat JBoss SOA Platform through 4.3.0 CP05 and 5.x through 5.3.1, Red Hat JBoss Portal through 4.3 CP07 and 5.x through 5.2.2, and Red Hat JBoss Operations Network through 2.4.2 and 3.x through 3.1.2 does not restrict the c... • https://packetstorm.news/files/id/156663 • CWE-264: Permissions, Privileges, and Access Controls CWE-502: Deserialization of Untrusted Data •
CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 0CVE-2011-3206 – JON: Multiple XSS flaws
https://notcve.org/view.php?id=CVE-2011-3206
08 Jan 2012 — Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in RHQ 4.2.0, as used in JBoss Operations Network (aka JON or JBoss ON) before 3.0, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Varias vulnerabilidades de ejecución de comandos en sitios cruzados (XSS) en la interfaz de administración de RHQ v4.2.0, tal y como se utiliza en JBoss Operations Network (también conocido como Jon o JBoss ON) antes de la versión v3.0, permite a atacantes ... • http://rhn.redhat.com/errata/RHSA-2012-0089.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •