PT-2014-2203 · Red Hat · Red Hat Jboss Operations Network
David Jorm
·
Published
2014-02-14
·
Updated
2014-02-14
·
CVE-2012-0062
CVSS v2.0
5.8
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Red Hat JBoss Operations Network (JON) versions prior to 2.4.2
Red Hat JBoss Operations Network (JON) versions 3.0.x prior to 3.0.1
Description
The issue allows remote attackers to hijack agent sessions via an agent registration request without a security token.
Recommendations
For versions prior to 2.4.2, update to version 2.4.2 or later.
For versions 3.0.x prior to 3.0.1, update to version 3.0.1 or later.
Fix
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Red Hat Jboss Operations Network