CVE-2012-0062

Red Hat JBoss Operations Network < 2.4.2 and 3.0.x < 3.0.1 - Unauthenticated Session Hijack via Agent Registration

Title source: llm
STIX 2.1

Description

Red Hat JBoss Operations Network (JON) before 2.4.2 and 3.0.x before 3.0.1 allows remote attackers to hijack agent sessions via an agent registration request without a security token.

References (3)

Core 3
Core References
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2012-0089.html
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=783008
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2012-0406.html

Scores

EPSS 0.0112
EPSS Percentile 62.1%

Details

CWE
CWE-287
Status published
Products (9)
redhat/jboss_operations_network 2.0.0
redhat/jboss_operations_network 2.0.1
redhat/jboss_operations_network 2.1.0
redhat/jboss_operations_network 2.2
redhat/jboss_operations_network 2.3
redhat/jboss_operations_network 2.3.1
redhat/jboss_operations_network 2.4
redhat/jboss_operations_network 3.0
redhat/jboss_operations_network < 2.4.1
Published Feb 14, 2014
Tracked Since Feb 18, 2026