The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of JGroups

vulnerability note 21924

JGroups: two vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in JGroups.
Impacted products: JGroups.
Severity: 2/4.
Consequences: user access/rights, data reading.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 21/02/2017.
Identifiers: VIGILANCE-VUL-21924.

Description of the vulnerability

Several vulnerabilities were announced in JGroups.

An unspecified vulnerability was announced, reachable via ENCRYPT. [severity:2/4]

An attacker can exploit a vulnerability via Java Serialization in order to run code. [severity:2/4]

computer vulnerability alert CVE-2016-2141

JGroups: unauthorized joining of a group

Synthesis of the vulnerability

An attacker can join a protected communication group managed with JGroups, in order to listen to sensitive communications.
Impacted products: JGroups, Junos Space, JBoss EAP by Red Hat.
Severity: 4/4.
Consequences: data reading, data creation/edition, data flow.
Provenance: intranet client.
Creation date: 24/06/2016.
Identifiers: CVE-2016-2141, JSA10838, RHSA-2016:1328-01, RHSA-2016:1329-01, RHSA-2016:1330-01, RHSA-2016:1331-01, RHSA-2016:1332-01, RHSA-2016:1333-01, RHSA-2016:1334-01, RHSA-2016:1345-01, RHSA-2016:1346-01, RHSA-2016:1347-01, RHSA-2016:1374-01, RHSA-2016:1389-01, RHSA-2016:1432-01, RHSA-2016:1433-01, RHSA-2016:1434-01, RHSA-2016:1435-01, RHSA-2016:2035-01, VIGILANCE-VUL-19966.

Description of the vulnerability

JGroups manages communication groups, which may be cryptographically protected.

However, authentication checks are incomplete and key management is flawed. An unauthorized attacker can obtain the encryption keys and join the group, both to send and to receive messages.

An attacker can therefore join a protected communication group managed with JGroups, in order to listen to sensitive communications.