CVE-2012-2377

Red Hat JBoss Enterprise Portal Platform < 5.2.1 - Authentication Bypass

Title source: rule

Description

The JGroups diagnostics service in JBoss Enterprise Portal Platform before 5.2.2, SOA Platform before 5.3.0, and BRMS Platform before 5.3.0 is enabled without authentication when started by the JGroups channel, which allows remote attackers in adjacent networks to read diagnostics information via a crafted IP multicast.

Scores

EPSS 0.0099
EPSS Percentile 76.6%

Classification

CWE
CWE-287
Status draft

Affected Products (28)

redhat/jboss_enterprise_portal_platform < 5.2.1
redhat/jboss_enterprise_portal_platform
redhat/jboss_enterprise_portal_platform
redhat/jboss_enterprise_portal_platform
redhat/jboss_enterprise_portal_platform
redhat/jboss_enterprise_portal_platform
redhat/jboss_enterprise_portal_platform
redhat/jboss_enterprise_portal_platform
redhat/jboss_enterprise_soa_platform < 5.2.0
redhat/jboss_enterprise_soa_platform
redhat/jboss_enterprise_soa_platform
redhat/jboss_enterprise_soa_platform
redhat/jboss_enterprise_soa_platform
redhat/jboss_enterprise_soa_platform
redhat/jboss_enterprise_soa_platform
... and 13 more

Timeline

Published Nov 23, 2012
Tracked Since Feb 18, 2026