CVE-2011-4573

Red Hat JBoss Operations Network (JON) before 2.4.2 does not properly enforce "modify resource" permissions for remote authenticated users when deleting a plug-in configuration update from the group connection properties history, which prevents such activities from being recorded in the audit trail.

Published: Apr 1, 2014
Updated: Apr 13, 2023
CVE: CVE-2011-4573
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 3.5
AV:N/AC:M/Au:S/C:N/I:P/A:N

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
redhat / jboss_operations_network	-	2.4.1.x
redhat / jboss_operations_network	2.3.1	2.3.1.x
redhat / jboss_operations_network	2.4	2.4.x
redhat / jboss_operations_network	2.0.1	2.0.1.x
redhat / jboss_operations_network	1.0.0	1.0.0.x
redhat / jboss_operations_network	2.1.0	2.1.0.x
redhat / jboss_operations_network	2.3	2.3.x
redhat / jboss_operations_network	2.0.0	2.0.0.x
redhat / jboss_operations_network	2.2	2.2.x

http://rhn.redhat.com/errata/RHSA-2012-0089.html
https://bugzilla.redhat.com/show_bug.cgi?id=760024

Vulnerability Database

CVE-2011-4573

Deep Security Visibility Without the Complexity