CVE-2011-4573
JON: Incorrect delete permissions check
Severity Score
3.5
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Red Hat JBoss Operations Network (JON) before 2.4.2 does not properly enforce "modify resource" permissions for remote authenticated users when deleting a plug-in configuration update from the group connection properties history, which prevents such activities from being recorded in the audit trail.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2011-11-29 CVE Reserved
- 2012-02-02 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (3)
URL | Date | SRC |
---|---|---|
http://rhn.redhat.com/errata/RHSA-2012-0089.html | 2014-04-01 | |
https://bugzilla.redhat.com/show_bug.cgi?id=760024 | 2012-02-01 | |
https://access.redhat.com/security/cve/CVE-2011-4573 | 2012-02-01 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Redhat | Jboss Operations Network | <= 2.4.1 | - | Affected |
Redhat | Jboss Operations Network | 1.0.0 | - | Affected |
Redhat | Jboss Operations Network | 2.0.0 | - | Affected |
Redhat | Jboss Operations Network | 2.0.1 | - | Affected |
Redhat | Jboss Operations Network | 2.1.0 | - | Affected |
Redhat | Jboss Operations Network | 2.2 | - | Affected |
Redhat | Jboss Operations Network | 2.3 | - | Affected |
Redhat | Jboss Operations Network | 2.3.1 | - | Affected |
Redhat | Jboss Operations Network | 2.4 | - | Affected |