PT-2013-4940 · Red Hat · Red Hat JBoss Operations Network
Arun Babu Neelicattu +1 · Published 2013-10-24 · Updated 2013-10-25 · CVE-2013-4293
CVSS v2.0: 2.1 (Low)
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Red Hat JBoss Operations Network (JON) version 3.1.2
Description
The issue allows local users to obtain sensitive information by reading the log files, as the server logs passwords in plaintext.
Recommendations
For Red Hat JBoss Operations Network (JON) version 3.1.2, consider restricting access to the log files to minimize the risk of exploitation. As a temporary workaround, review and modify the logging configuration to avoid storing sensitive information, such as passwords, in plaintext.
Affected Products
Red Hat JBoss Operations Network