Vulnerability Details : CVE-2012-0032
Red Hat JBoss Operations Network (JON) before 3.0.1 uses 0777 permissions for the root directory when installing a remote client, which allows local users to read or modify subdirectories and files within the root directory, as demonstrated by obtaining JON credentials.
Exploit prediction scoring system (EPSS) score for CVE-2012-0032
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 %
CVSS scores for CVE-2012-0032
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
3.7 | LOW | AV:L/AC:H/Au:N/C:P/I:P/A:P | 1.9 | 6.4 | NIST |
CWE ids for CVE-2012-0032
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-0032
- http://rhn.redhat.com/errata/RHSA-2012-0406.html
  Red Hat Customer Portal (Vendor Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=772514
  772514 – (CVE-2012-0032) CVE-2012-0032 JON CLI: world-writable root directory
Products affected by CVE-2012-0032
- cpe:2.3:a:redhat:jboss_operations_network:*:*:*:*:*:*:*:*