CVE-2011-4573 Information

Description

Red Hat JBoss Operations Network (JON) before 2.4.2 does not properly enforce \modify resource\ permissions for remote authenticated users when deleting a plug-in configuration update from the group connection properties history which prevents such activities from being recorded in the audit trail.

Reference

http://rhn.redhat.com/errata/RHSA-2012-0089.html https://bugzilla.redhat.com/show_bug.cgi?id=760024