CVE-2012-1100

Red Hat JBoss Operations Network (JON) <3.0.1-2.4.2 - Auth Bypass

Title source: llm
STIX 2.1

Description

Red Hat JBoss Operations Network (JON) 3.0.x before 3.0.1, 2.4.2, and earlier, when LDAP authentication is enabled and the LDAP bind account credentials are invalid, allows remote attackers to login to LDAP-based accounts via an arbitrary password in a login request.

References (3)

Core 3
Core References
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=799789
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2012-0396.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2012-0406.html

Scores

EPSS 0.0124
EPSS Percentile 65.4%

Details

CWE
CWE-287
Status published
Products (9)
redhat/jboss_operations_network 2.0.0
redhat/jboss_operations_network 2.0.1
redhat/jboss_operations_network 2.1.0
redhat/jboss_operations_network 2.2
redhat/jboss_operations_network 2.3
redhat/jboss_operations_network 2.3.1
redhat/jboss_operations_network 2.4
redhat/jboss_operations_network 3.0
redhat/jboss_operations_network < 2.4.1
Published Feb 14, 2014
Tracked Since Feb 18, 2026