Red Hat JBoss Operations Network (JON) before 2.4.2 does not properly enforce "modify resource" permissions for remote authenticated users when deleting a plug-in configuration update from the group connection properties history, which prevents such activities from being recorded in the audit trail.
2014-04-01T06:35:52.497
2025-04-12T10:46:40.837
Deferred
CVSSv2: 3.5 (LOW)
AV:N/AC:M/Au:S/C:N/I:P/A:N
6.8
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | redhat | jboss_operations_network | ≤ 2.4.1 | Yes |
| Application | redhat | jboss_operations_network | 1.0.0 | Yes |
| Application | redhat | jboss_operations_network | 2.0.0 | Yes |
| Application | redhat | jboss_operations_network | 2.0.1 | Yes |
| Application | redhat | jboss_operations_network | 2.1.0 | Yes |
| Application | redhat | jboss_operations_network | 2.2 | Yes |
| Application | redhat | jboss_operations_network | 2.3 | Yes |
| Application | redhat | jboss_operations_network | 2.3.1 | Yes |
| Application | redhat | jboss_operations_network | 2.4 | Yes |