CVE-2013-4112

The DiagnosticsHandler in JGroup 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by reusing valid credentials.

Published: Sep 28, 2013
Updated: Nov 9, 2025
CVE: CVE-2013-4112
GHSA: GHSA-cc62-496p-hrr7
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5.4
AV:A/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
jgroups / jgroup	3.0.7	3.0.7.x
jgroups / jgroup	3.2.0	3.2.0.x
jgroups / jgroup	3.0.12	3.0.12.x
jgroups / jgroup	3.2.1	3.2.1.x
jgroups / jgroup	3.0.14	3.0.14.x
jgroups / jgroup	3.0.1	3.0.1.x
jgroups / jgroup	3.0.5	3.0.5.x
jgroups / jgroup	3.0.6	3.0.6.x
jgroups / jgroup	3.2.8	3.2.8.x
jgroups / jgroup	3.0.4	3.0.4.x
jgroups / jgroup	3.0.9	3.0.9.x
jgroups / jgroup	3.2.7	3.2.7.x
jgroups / jgroup	3.2.2	3.2.2.x
jgroups / jgroup	3.3.2	3.3.2.x
jgroups / jgroup	3.0.3	3.0.3.x
jgroups / jgroup	3.3.0	3.3.0.x
jgroups / jgroup	3.0.8	3.0.8.x
jgroups / jgroup	3.0.10	3.0.10.x
jgroups / jgroup	3.3.1	3.3.1.x
jgroups / jgroup	3.2.3	3.2.3.x
jgroups / jgroup	3.2.5	3.2.5.x
jgroups / jgroup	3.2.6	3.2.6.x
jgroups / jgroup	3.0.2	3.0.2.x
jgroups / jgroup	3.1.0	3.1.0.x
jgroups / jgroup	3.0.13	3.0.13.x
jgroups / jgroup	3.2.4	3.2.4.x
jgroups / jgroup	3.0.0	3.0.0.x
jgroups / jgroup	3.0.11	3.0.11.x
redhat / jboss_enterprise_application_platform	6.1.0	6.1.0.x
org.jgroups / jgroups	3.0.0	3.2.9.Final
org.jgroups / jgroups	3.3.0	3.3.3.Final

Vulnerability Database

314,343

CVE-2013-4112

Deep Security Visibility Without the Complexity