Vulnerability Details CVE-2013-2102
The default configuration of Red Hat JBoss Portal before 6.1.0 enables the JGroups diagnostics service with no authentication when a JGroups channel is started, which allows remote attackers to obtain sensitive information (diagnostics) by accessing the service.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 37.4%
CVSS Severity
CVSS v2 Score 3.3
References
Products affected by CVE-2013-2102
-
cpe:2.3:a:redhat:jboss_enterprise_portal_platform:4.3.0
-
cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.0.0
-
cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.0.1
-
cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.1.0
-
cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.1.1
-
cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.2.0
-
cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.2.1
-
cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.2.2
-
cpe:2.3:a:redhat:jboss_enterprise_portal_platform:6.0.0