CVE-2012-0032

CWE-2645 documents5 sources

Severity

3.7LOW

EPSS

0.0%

top 87.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Jboss Operations Network

Timeline

PublishedApr 1

Latest updateMay 4

Description

Red Hat JBoss Operations Network (JON) before 3.0.1 uses 0777 permissions for the root directory when installing a remote client, which allows local users to read or modify subdirectories and files within the root directory, as demonstrated by obtaining JON credentials.

CVSS vector

AV:L/AC:H/C:P/I:P/A:PExploitability: 1.9 | Impact: 6.4

Affected Packages1 packages

▶NVDredhat/jboss_operations_network3.0

🔴Vulnerability Details

GHSA

GHSA-c4rv-9p5v-c69h: Red Hat JBoss Operations Network (JON) before 3↗2022-05-04

▶

CVEList

CVE-2012-0032: Red Hat JBoss Operations Network (JON) before 3↗2014-04-01

▶

📋Vendor Advisories

Red Hat

CLI: world-writable root directory↗2012-03-20

▶

💬Community

Bugzilla

CVE-2012-0032 JON CLI: world-writable root directory↗2012-01-09

▶