CVE-2012-0052

Red Hat JBoss Operations Network < 2.4.2 and 3.0.x < 3.0.1 - Agent Identity Spoofing via Missing Agent Key Check

Title source: llm
STIX 2.1

Description

Red Hat JBoss Operations Network (JON) before 2.4.2 and 3.0.x before 3.0.1 does not check the JON agent key, which allows remote attackers to spoof the identity of arbitrary agents via the registered agent name.

References (3)

Core 3
Core References
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=781964
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2012-0089.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2012-0406.html

Scores

EPSS 0.0118
EPSS Percentile 64.1%

Details

CWE
CWE-20
Status published
Products (9)
redhat/jboss_operations_network 2.0.0
redhat/jboss_operations_network 2.0.1
redhat/jboss_operations_network 2.1.0
redhat/jboss_operations_network 2.2
redhat/jboss_operations_network 2.3
redhat/jboss_operations_network 2.3.1
redhat/jboss_operations_network 2.4
redhat/jboss_operations_network 3.0
redhat/jboss_operations_network < 2.4.1
Published Feb 14, 2014
Tracked Since Feb 18, 2026