cve-2011-4573
Vulnerability from cvelistv5
Published
2014-04-01 01:00
Modified
2024-08-07 00:09
Severity
Summary
Red Hat JBoss Operations Network (JON) before 2.4.2 does not properly enforce "modify resource" permissions for remote authenticated users when deleting a plug-in configuration update from the group connection properties history, which prevents such activities from being recorded in the audit trail.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:18.879Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=760024"
},
{
"name": "RHSA-2012:0089",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0089.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-12-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Red Hat JBoss Operations Network (JON) before 2.4.2 does not properly enforce \"modify resource\" permissions for remote authenticated users when deleting a plug-in configuration update from the group connection properties history, which prevents such activities from being recorded in the audit trail."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-01T00:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=760024"
},
{
"name": "RHSA-2012:0089",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0089.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-4573",
"datePublished": "2014-04-01T01:00:00",
"dateReserved": "2011-11-29T00:00:00",
"dateUpdated": "2024-08-07T00:09:18.879Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2011-4573\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2014-04-01T06:35:52.497\",\"lastModified\":\"2014-04-01T14:38:49.943\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Red Hat JBoss Operations Network (JON) before 2.4.2 does not properly enforce \\\"modify resource\\\" permissions for remote authenticated users when deleting a plug-in configuration update from the group connection properties history, which prevents such activities from being recorded in the audit trail.\"},{\"lang\":\"es\",\"value\":\"Red Hat JBoss Operations Network (JON) anterior a 2.4.2 no fuerza debidamente permisos de modificar recurso para usuarios remotos autenticados cuando elimina una actualizaci\u00f3n de configuraci\u00f3n de plugin del historial de propiedades de conexi\u00f3n de grupo, lo que previene tales actividades de ser registradas en el registro de auditor\u00eda.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:N/I:P/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\",\"baseScore\":3.5},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":6.8,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_operations_network:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.4.1\",\"matchCriteriaId\":\"87E50BCC-4B27-43F7-8AB3-EC27297C4B2C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_operations_network:1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC1625FD-302E-457E-BDD1-977DE614CB47\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_operations_network:2.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D29DC3CE-E782-47F7-BDF4-4AB63728F05B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_operations_network:2.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF4A10F6-2128-4986-8A28-BD9B679D8380\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_operations_network:2.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B720DED-23EE-4830-9C8B-441A38DAE80E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_operations_network:2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0FD44168-A91A-4043-8C34-7A20DC2C1A19\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_operations_network:2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"66926B59-4A4F-47B9-9B2B-3D8DC698BC97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_operations_network:2.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D72DFB62-EEA6-4126-9DC3-B191CC8D0CA5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_operations_network:2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8DBE132-2A98-40C6-947F-50C1D06DDFB1\"}]}]}],\"references\":[{\"url\":\"http://rhn.redhat.com/errata/RHSA-2012-0089.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=760024\",\"source\":\"secalert@redhat.com\"}]}}"
}
}
Loading...