Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-9gba-st3z-cubc
Vulnerability ID VCID-9gba-st3z-cubc
Aliases CVE-2013-4112
GHSA-cc62-496p-hrr7
Summary The DiagnosticsHandler in JGroup 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by reusing valid credentials.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2013-1207.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2013-1208.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2013-1209.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2013-1437.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2013-1771.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2014-0029.html
epss 0.01302 https://api.first.org/data/v1/epss?cve=CVE-2013-4112
epss 0.01302 https://api.first.org/data/v1/epss?cve=CVE-2013-4112
epss 0.01302 https://api.first.org/data/v1/epss?cve=CVE-2013-4112
generic_textual MODERATE https://bugzilla.redhat.com/show_bug.cgi?id=983489
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-cc62-496p-hrr7
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2013-4112
Reference id Reference type URL
http://rhn.redhat.com/errata/RHSA-2013-1207.html
http://rhn.redhat.com/errata/RHSA-2013-1208.html
http://rhn.redhat.com/errata/RHSA-2013-1209.html
http://rhn.redhat.com/errata/RHSA-2013-1437.html
http://rhn.redhat.com/errata/RHSA-2013-1771.html
http://rhn.redhat.com/errata/RHSA-2014-0029.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4112.json
https://api.first.org/data/v1/epss?cve=CVE-2013-4112
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4112
https://nvd.nist.gov/vuln/detail/CVE-2013-4112
717031 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717031
983489 https://bugzilla.redhat.com/show_bug.cgi?id=983489
CVE-2013-4112 https://bugzilla.redhat.com/CVE-2013-4112
GHSA-cc62-496p-hrr7 https://github.com/advisories/GHSA-cc62-496p-hrr7
RHSA-2013:1207 https://access.redhat.com/errata/RHSA-2013:1207
RHSA-2013:1208 https://access.redhat.com/errata/RHSA-2013:1208
RHSA-2013:1209 https://access.redhat.com/errata/RHSA-2013:1209
RHSA-2013:1437 https://access.redhat.com/errata/RHSA-2013:1437
RHSA-2013:1771 https://access.redhat.com/errata/RHSA-2013:1771
RHSA-2014:0029 https://access.redhat.com/errata/RHSA-2014:0029
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.80164
EPSS Score 0.01302
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-11T20:24:57.714566+00:00 Debian Oval Importer Import https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0