CVE-2013-4452
ON: World readable configuration files expose sensitive data
Severity Score
2.1
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Red Hat JBoss Operations Network 3.1.2 uses world-readable permissions for the (1) server and (2) agent configuration files, which allows local users to obtain authentication credentials and other unspecified sensitive information by reading these files.
Red Hat JBoss Operations Network 3.1.2 utiliza permisos de lectura globales para ficheros de configuración de (1) servidor y (2) agente, lo cual permite a usuarios locales obtener credenciales de autenticación y otra información sensible no especificada mediante la lectura de dichos ficheros.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2013-06-12 CVE Reserved
- 2013-11-26 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (6)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/63916 | Vdb Entry | |
http://www.securitytracker.com/id/1029390 | Vdb Entry |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://rhn.redhat.com/errata/RHSA-2013-1762.html | 2013-12-26 | |
http://secunia.com/advisories/55852 | 2013-12-26 | |
https://access.redhat.com/security/cve/CVE-2013-4452 | 2013-11-25 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1021756 | 2013-11-25 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Redhat Search vendor "Redhat" | Jboss Operations Network Search vendor "Redhat" for product "Jboss Operations Network" | 3.1.2 Search vendor "Redhat" for product "Jboss Operations Network" and version "3.1.2" | - |
Affected
|