CVE-2013-2102

Redhat Jboss Enterprise Portal Platform - Authentication Bypass

Title source: rule

Description

The default configuration of Red Hat JBoss Portal before 6.1.0 enables the JGroups diagnostics service with no authentication when a JGroups channel is started, which allows remote attackers to obtain sensitive information (diagnostics) by accessing the service.

References (2)

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2013-1437.html

[Issue Tracking] https://bugzilla.redhat.com/show_bug.cgi?id=963984

Scores

EPSS 0.0014

EPSS Percentile 33.6%

Classification

CWE

CWE-287

Status draft

Affected Products (9)

redhat/jboss_enterprise_portal_platform < 6.0.0

redhat/jboss_enterprise_portal_platform

Timeline

Published Oct 28, 2013

Tracked Since Feb 18, 2026