VYPR
Critical severity9.8NVD Advisory· Published Jun 30, 2016· Updated Jun 17, 2026

CVE-2016-2141

CVE-2016-2141

Description

It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.jgroups:jgroupsMaven
>= 3.3.0.Alpha1, < 3.6.10.Final3.6.10.Final
org.jgroups:jgroupsMaven
< 3.2.16.Final3.2.16.Final

Affected products

5
  • cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.2:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:jgroups:*:*:*:*:*:*:*:*
    Range: <4.0
  • ghsa-coords
    Range: >= 3.3.0.Alpha1, < 3.6.10.Final

Patches

Vulnerability mechanics

References

34

News mentions

0

No linked articles in our index yet.