CVE-2013-4373

CWE-20 — Improper Input Validation CWE-3775 documents5 sources

Severity

3.2LOW

EPSS

0.1%

top 84.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Jboss Operations Network

Timeline

PublishedOct 24

Latest updateMay 17

Description

The storeFiles method in JPADriftServerBean in Red Hat JBoss Operations Network (JON) 3.1.2 allows local users to load arbitrary drift files into a server by writing the files to the temporary directory that is used to unpack zip files.

CVSS vector

AV:L/AC:L/C:N/I:P/A:PExploitability: 3.1 | Impact: 4.9

Affected Packages1 packages

▶NVDredhat/jboss_operations_network3.1.2

🔴Vulnerability Details

GHSA

GHSA-jqgv-v967-8r8h: The storeFiles method in JPADriftServerBean in Red Hat JBoss Operations Network (JON) 3↗2022-05-17

▶

CVEList

CVE-2013-4373: The storeFiles method in JPADriftServerBean in Red Hat JBoss Operations Network (JON) 3↗2013-10-24

▶

📋Vendor Advisories

Red Hat

Drift: Malicious drift file import due to insecure temporary file usage↗2013-10-21

▶

💬Community

Bugzilla

CVE-2013-4373 JON Drift: Malicious drift file import due to insecure temporary file usage↗2013-09-25

▶