JGroups is vulnerable to an authorization bypass that can lead to information disclosure and spoofing attacks. A malicious user can bypass security restrictions when the attacker's node joins the cluster, because JGroups did not check for the required headers of the ENCRYPT and AUTH protocols when a new node joins the cluster.
rhn.redhat.com/errata/RHSA-2016-1435.html
rhn.redhat.com/errata/RHSA-2016-1439.html
rhn.redhat.com/errata/RHSA-2016-2035.html
www.securityfocus.com/bid/91481
www.securitytracker.com/id/1036165
access.redhat.com/articles/2360521
access.redhat.com/documentation/en/jboss-enterprise-application-platform/
access.redhat.com/errata/RHSA-2016:1332
access.redhat.com/errata/RHSA-2016:1345
access.redhat.com/errata/RHSA-2016:1346
access.redhat.com/errata/RHSA-2016:1347
access.redhat.com/errata/RHSA-2016:1374
access.redhat.com/errata/RHSA-2016:1376
access.redhat.com/errata/RHSA-2016:1389
access.redhat.com/errata/RHSA-2016:1432
access.redhat.com/errata/RHSA-2016:1433
access.redhat.com/errata/RHSA-2016:1434
access.redhat.com/security/updates/classification/#critical
issues.jboss.org/browse/JGRP-2021
lists.apache.org/thread.html/ra18cac97416abc2958db0b107877c31da28d884fa6e70fd89c87384a@%3Cdev.geode.apache.org%3E
lists.apache.org/thread.html/rb37cc937d4fc026fb56de4b4ec0d054aa4083c1a4edd0d8360c068a0@%3Cdev.geode.apache.org%3E
rhn.redhat.com/errata/RHSA-2016-1328.html
rhn.redhat.com/errata/RHSA-2016-1329.html
rhn.redhat.com/errata/RHSA-2016-1330.html
rhn.redhat.com/errata/RHSA-2016-1331.html
rhn.redhat.com/errata/RHSA-2016-1332.html
rhn.redhat.com/errata/RHSA-2016-1333.html
rhn.redhat.com/errata/RHSA-2016-1334.html
www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
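
The missing-header check described in the summary above, as a simplified model added here (not JGroups code): a receiver that validates a security header only when it is present, next to one that requires it. The `Message` class, function names, header keys and secret are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

CLUSTER_SECRET = b"constructed-demo-secret"  # constructed value, not a real key


@dataclass
class Message:
    kind: str                      # "JOIN_REQ" or "DATA" (hypothetical message kinds)
    sender: str
    headers: dict = field(default_factory=dict)


def auth_token(sender: str) -> str:
    """Token a legitimate node would place in its AUTH header (model only)."""
    return hmac.new(CLUSTER_SECRET, sender.encode(), hashlib.sha256).hexdigest()


def auth_ok(msg: Message) -> bool:
    """True only if the AUTH header exists and carries the expected token."""
    token = msg.headers.get("AUTH")
    return token is not None and hmac.compare_digest(token, auth_token(msg.sender))


def receive_lenient(msg: Message, members: set) -> str:
    """Flawed pattern: the header is verified only if the sender included it."""
    if "AUTH" in msg.headers and not auth_ok(msg):
        return "rejected"
    if msg.kind == "JOIN_REQ":
        members.add(msg.sender)    # a header-less join reaches this line
        return "joined"
    return "delivered"             # header-less data is passed up as well


def receive_strict(msg: Message, members: set) -> str:
    """Corrected pattern: a required header must be present and valid."""
    if msg.kind == "JOIN_REQ":
        if not auth_ok(msg):
            return "rejected"
        members.add(msg.sender)
        return "joined"
    # Data must come from an admitted member and carry the ENCRYPT header.
    if msg.sender not in members or "ENCRYPT" not in msg.headers:
        return "rejected"
    return "delivered"
```

When reviewing a protocol stack for this class of flaw, the condition to look for is any branch where an absent security header causes the check to be skipped rather than the message to be dropped.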