CVE-2012-0062

CWE-287 — Improper Authentication7 documents5 sources

Severity

5.8MEDIUM

EPSS

0.3%

top 49.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Jboss Operations Network

Timeline

PublishedFeb 14

Latest updateMay 4

Description

Red Hat JBoss Operations Network (JON) before 2.4.2 and 3.0.x before 3.0.1 allows remote attackers to hijack agent sessions via an agent registration request without a security token.

CVSS vector

AV:N/AC:M/C:P/I:P/A:NExploitability: 8.6 | Impact: 4.9

Affected Packages1 packages

▶NVDredhat/jboss_operations_network2.4.1+8

🔴Vulnerability Details

GHSA

GHSA-2c3w-hjxh-5rqg: Red Hat JBoss Operations Network (JON) before 2↗2022-05-04

▶

CVEList

CVE-2012-0062: Red Hat JBoss Operations Network (JON) before 2↗2014-02-14

▶

📋Vendor Advisories

Red Hat

JON: Unapproved agents can hijack an approved agent's endpoint by using a null security token↗2012-02-01

▶

💬Community

Bugzilla

CVE-2012-5471 moodle: Various security issues fixed in upstream 2.3.3, 2.2.6 and 2.1.9 versions (MSA-12-0057, MSA-12-0058, MSA-12-0059, MSA-12-0060, MSA-12-0061, MSA-12-0062, MSA-12-0063) [fedora-all]↗2012-11-19

▶

Bugzilla

CVE-2012-0062 JON: Unapproved agents can hijack an approved agent's endpoint by using a null security token↗2012-01-19

▶