CVE-2012-1100

CWE-287 โ€” Improper Authentication6 documents6 sources
Severity
5.8MEDIUM
EPSS
0.3%
top 46.26%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Redhat Jboss Operations Network
Timeline
PublishedFeb 14
Latest updateMay 17

Description

Red Hat JBoss Operations Network (JON) 3.0.x before 3.0.1, 2.4.2, and earlier, when LDAP authentication is enabled and the LDAP bind account credentials are invalid, allows remote attackers to login to LDAP-based accounts via an arbitrary password in a login request.

CVSS vector

AV:N/AC:M/C:P/I:P/A:NExploitability: 8.6 | Impact: 4.9

Affected Packages1 packages

๐Ÿ”ดVulnerability Details

2
GHSA
GHSA-vffv-j7h7-crc3: Red Hat JBoss Operations Network (JON) 3โ†—2022-05-17
โ–ถ
CVEList
CVE-2012-1100: Red Hat JBoss Operations Network (JON) 3โ†—2014-02-14
โ–ถ

๐Ÿ’ฅExploits & PoCs

1
Exploit-DB
WANGKONGBAO CNS-1000 UTM IPS-FW - Directory Traversal (Metasploit)โ†—2012-07-02
โ–ถ

๐Ÿ“‹Vendor Advisories

1
Red Hat
JON: LDAP authentication allows any user access if bind credentials are badโ†—2012-02-28
โ–ถ

๐Ÿ’ฌCommunity

1
Bugzilla
CVE-2012-1100 JON: LDAP authentication allows any user access if bind credentials are badโ†—2012-03-05
โ–ถ