CVE-2012-0052

CWE-20 — Improper Input Validation CWE-863 — Incorrect Authorization8 documents5 sources

Severity

5.8MEDIUM

EPSS

0.3%

top 46.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Jboss Operations Network

Timeline

PublishedFeb 14

Latest updateMay 4

Description

Red Hat JBoss Operations Network (JON) before 2.4.2 and 3.0.x before 3.0.1 does not check the JON agent key, which allows remote attackers to spoof the identity of arbitrary agents via the registered agent name.

CVSS vector

AV:N/AC:M/C:P/I:P/A:NExploitability: 8.6 | Impact: 4.9

Affected Packages1 packages

▶NVDredhat/jboss_operations_network2.4.1+8

🔴Vulnerability Details

GHSA

GHSA-fhpq-g3rr-xhmq: Red Hat JBoss Operations Network (JON) before 2↗2022-05-04

▶

CVEList

CVE-2012-0052: Red Hat JBoss Operations Network (JON) before 2↗2014-02-14

▶

📋Vendor Advisories

Red Hat

JON: Unapproved agents can connect using the name of an existing approved agent↗2012-02-01

▶

Red Hat

kernel: proc: /proc/<pid>/mem mem_write insufficient permission checking↗2012-01-18

▶

💬Community

Bugzilla

CVE-2012-4401 moodle: Course topics permission issue (MSA-12-0052)↗2012-09-17

▶

Bugzilla

CVE-2012-2922 drupal7: full path disclosure vulnerability↗2012-05-23

▶

Bugzilla

CVE-2012-0052 JON: Unapproved agents can connect using the name of an existing approved agent↗2012-01-16

▶