CVE-2012-0052
Red Hat JBoss Operations Network < 2.4.2 and 3.0.x < 3.0.1 - Agent Identity Spoofing via Missing Agent Key Check
Title source: llmDescription
Red Hat JBoss Operations Network (JON) before 2.4.2 and 3.0.x before 3.0.1 does not check the JON agent key, which allows remote attackers to spoof the identity of arbitrary agents via the registered agent name.
References (3)
Core 3
Core References
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=781964
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2012-0089.html
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2012-0406.html
Scores
EPSS
0.0118
EPSS Percentile
64.1%
Details
CWE
CWE-20
Status
published
Products (9)
redhat/jboss_operations_network
2.0.0
redhat/jboss_operations_network
2.0.1
redhat/jboss_operations_network
2.1.0
redhat/jboss_operations_network
2.2
redhat/jboss_operations_network
2.3
redhat/jboss_operations_network
2.3.1
redhat/jboss_operations_network
2.4
redhat/jboss_operations_network
3.0
redhat/jboss_operations_network
< 2.4.1
Published
Feb 14, 2014
Tracked Since
Feb 18, 2026