CVE-2013-2102

The default configuration of Red Hat JBoss Portal before 6.1.0 enables the JGroups diagnostics service with no authentication when a JGroups channel is started, which allows remote attackers to obtain sensitive information (diagnostics) by accessing the service.

Published: Oct 28, 2013
Updated: Apr 13, 2023
CVE: CVE-2013-2102
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 3.3
AV:A/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-287

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
redhat / jboss_enterprise_portal_platform	5.2.2	5.2.2.x
redhat / jboss_enterprise_portal_platform	5.0.0	5.0.0.x
redhat / jboss_enterprise_portal_platform	5.1.1	5.1.1.x
redhat / jboss_enterprise_portal_platform	5.1.0	5.1.0.x
redhat / jboss_enterprise_portal_platform	5.2.1	5.2.1.x
redhat / jboss_enterprise_portal_platform	4.3.0	4.3.0.x
redhat / jboss_enterprise_portal_platform	5.2.0	5.2.0.x
redhat / jboss_enterprise_portal_platform	5.0.1	5.0.1.x
redhat / jboss_enterprise_portal_platform	-	6.0.0.x

Vulnerability Database

289,599

CVE-2013-2102