Описание
The DiagnosticsHandler in JGroup 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by reusing valid credentials.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat JBoss BRMS 5 | jgroups | Not affected | ||
| Red Hat JBoss Enterprise Application Platform 5 | jgroups | Not affected | ||
| Red Hat JBoss Enterprise Web Server 1 | eap-4 | Not affected | ||
| Red Hat JBoss Enterprise Web Server 1 | ewp-5 | Not affected | ||
| Red Hat JBoss Enterprise Web Server 1 | jbds-5 | Not affected | ||
| Red Hat JBoss Enterprise Web Server 1 | jbds-6 | Not affected | ||
| Red Hat JBoss Operations Network 3.1 | jgroups | Not affected | ||
| Red Hat JBoss Portal 4 | jgroups | Not affected | ||
| Red Hat JBoss Portal 5 | jgroups | Not affected | ||
| Red Hat JBoss SOA Platform 4.3 | jgroups | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
3.3 Low
CVSS2
Связанные уязвимости
The DiagnosticsHandler in JGroup 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by reusing valid credentials.
The DiagnosticsHandler in JGroup 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by reusing valid credentials.
The DiagnosticsHandler in JGroup 3.0.x, 3.1.x, 3.2.x before 3.2.9, and ...
Exposure of Sensitive Information to an Unauthorized Actor in JGroup
EPSS
3.3 Low
CVSS2