Redhat Jboss Operations Network vulnerabilities

CVE-2013-4293 [LOW] CWE-310 CVE-2013-4293: The server in Red Hat JBoss Operations Network (JON) 3.1.2 logs passwords in plaintext, which allows The server in Red Hat JBoss Operations Network (JON) 3.1.2 logs passwords in plaintext, which allows local users to obtain sensitive information by reading the log files.

CVE-2013-4373 [LOW] CWE-20 CVE-2013-4373: The storeFiles method in JPADriftServerBean in Red Hat JBoss Operations Network (JON) 3.1.2 allows l The storeFiles method in JPADriftServerBean in Red Hat JBoss Operations Network (JON) 3.1.2 allows local users to load arbitrary drift files into a server by writing the files to the temporary directory that is used to unpack zip files.

CVE-2013-2165 [HIGH] CWE-264 CVE-2013-2165: ResourceBuilderImpl.java in the RichFaces 3.x through 5.x implementation in Red Hat JBoss Web Framew ResourceBuilderImpl.java in the RichFaces 3.x through 5.x implementation in Red Hat JBoss Web Framework Kit before 2.3.0, Red Hat JBoss Web Platform through 5.2.0, Red Hat JBoss Enterprise Application Platform through 4.3.0 CP10 and 5.x through 5.2.0, Red Hat JBoss BRMS through 5.3.1, Red Hat JBoss SOA Platform through 4.3.0 CP05 and 5.x through 5.3.1,

CVE-2011-3206 [MEDIUM] CWE-79 CVE-2011-3206: Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in RHQ 4.2.0, as Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in RHQ 4.2.0, as used in JBoss Operations Network (aka JON or JBoss ON) before 3.0, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.