vulnerability
Red Hat JBoss EAP: CVE-2016-2141: Other
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Jun 23, 2016 | Sep 19, 2024 | Jun 19, 2025 |
Severity
7
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
Jun 23, 2016
Added
Sep 19, 2024
Modified
Jun 19, 2025
Description
It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.. It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.
Solution
red-hat-jboss-eap-upgrade-latest
References
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.