CVE-2013-2102

CWE-287 — Improper Authentication5 documents5 sources

Severity

3.3LOW

EPSS

0.1%

top 66.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Jboss Enterprise Portal Platform

Timeline

PublishedOct 28

Latest updateMay 17

Description

The default configuration of Red Hat JBoss Portal before 6.1.0 enables the JGroups diagnostics service with no authentication when a JGroups channel is started, which allows remote attackers to obtain sensitive information (diagnostics) by accessing the service.

CVSS vector

AV:A/AC:L/C:P/I:N/A:NExploitability: 6.5 | Impact: 2.9

Affected Packages1 packages

▶NVDredhat/jboss_enterprise_portal_platform6.0.0+8

🔴Vulnerability Details

GHSA

GHSA-wv8v-33h6-fw96: The default configuration of Red Hat JBoss Portal before 6↗2022-05-17

▶

CVEList

CVE-2013-2102: The default configuration of Red Hat JBoss Portal before 6↗2013-10-28

▶

📋Vendor Advisories

Red Hat

Gatein: JGroups configurations enable diagnostics without authentication↗2013-10-16

▶

💬Community

Bugzilla

CVE-2013-2102 Gatein: JGroups configurations enable diagnostics without authentication↗2013-05-16

▶