CVE-2012-2377

JBoss Enterprise Portal Platform < 5.2.1 and SOA Platform < 5.2.0 - Information Disclosure via JGroups


Description

The JGroups diagnostics service in JBoss Enterprise Portal Platform before 5.2.2, SOA Platform before 5.3.0, and BRMS Platform before 5.3.0 is enabled without authentication when started by the JGroups channel, which allows remote attackers on adjacent networks to read diagnostics information via a crafted IP multicast.

References (19)

Core References
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-0192.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-0198.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-0195.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-0196.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-0193.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-0191.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-0197.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-0194.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2012-1028.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/54183
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/50084
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/83085
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/76540
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/51984
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/50549
Issue Tracking x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=823392
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/49669
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2012-1232.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2012-1125.html

Scores

EPSS 0.0145
EPSS Percentile 70.0%

Details

CWE CWE-287
Status published
Products (16)
redhat/jboss_enterprise_brms_platform < 5.2.0
redhat/jboss_enterprise_portal_platform 4.3.0 (2 CPE variants)
redhat/jboss_enterprise_portal_platform 5.0.0
redhat/jboss_enterprise_portal_platform 5.0.1
redhat/jboss_enterprise_portal_platform 5.1.0
redhat/jboss_enterprise_portal_platform 5.1.1
redhat/jboss_enterprise_portal_platform 5.2.0
redhat/jboss_enterprise_portal_platform < 5.2.1
redhat/jboss_enterprise_soa_platform 4.2.0 (7 CPE variants)
redhat/jboss_enterprise_soa_platform 4.3.0 (6 CPE variants)
... and 6 more
Published Nov 23, 2012
Tracked Since Feb 18, 2026