CVE-2012-1100

Red Hat JBoss Operations Network (JON) <3.0.1-2.4.2 - Auth Bypass

Title source: llm

Description

Red Hat JBoss Operations Network (JON) 3.0.x before 3.0.1, 2.4.2, and earlier, when LDAP authentication is enabled and the LDAP bind account credentials are invalid, allows remote attackers to login to LDAP-based accounts via an arbitrary password in a login request.

References (3)

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2012-0396.html

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2012-0406.html

[Issue Tracking] https://bugzilla.redhat.com/show_bug.cgi?id=799789

Scores

EPSS 0.0031

EPSS Percentile 53.4%

Classification

CWE

CWE-287

Status draft

Affected Products (9)

redhat/jboss_operations_network < 2.4.1

redhat/jboss_operations_network

Timeline

Published Feb 14, 2014

Tracked Since Feb 18, 2026