CVE-2013-4112 — Sensitive Information Exposure in Jgroup

CWE-200 — Sensitive Information Exposure9 documents7 sources

Severity

5.4MEDIUMNVD

EPSS

0.6%

top 29.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jgroups Jgroup Redhat Jboss Enterprise Application Platform

Timeline

PublishedSep 28

Latest updateMay 17

Description

The DiagnosticsHandler in JGroup 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by reusing valid credentials.

CVSS vector

AV:A/AC:M/C:P/I:P/A:PExploitability: 5.5 | Impact: 6.4

Affected Packages2 packages

▶NVDjgroups/jgroup28 versions+27

▶NVDredhat/jboss_enterprise_application_platform6.1.0

🔴Vulnerability Details

GHSA

Exposure of Sensitive Information to an Unauthorized Actor in JGroup↗2022-05-17

▶

OSV

Exposure of Sensitive Information to an Unauthorized Actor in JGroup↗2022-05-17

▶

OSV

CVE-2013-4112: The DiagnosticsHandler in JGroup 3↗2013-09-28

▶

CVEList

CVE-2013-4112: The DiagnosticsHandler in JGroup 3↗2013-09-28

▶

📋Vendor Advisories

Red Hat

JGroups: Authentication via cached credentials↗2013-07-11

▶

Debian

CVE-2013-4112: libjgroups-java - The DiagnosticsHandler in JGroup 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x bef...↗2013

▶

💬Community

Bugzilla

jgroups: CVE-2013-4112 JGroups: Authentication via cached credentials [brms-5]↗2013-07-15

▶

Bugzilla

CVE-2013-4112 JGroups: Authentication via cached credentials↗2013-07-11

▶