When a JGroups channel is started, the JGroups diagnostics service will be enabled by default with no authentication. This service is exposed via IP multicast. An attacker on an adjacent network can exploit this flaw only to read diagnostics information (information disclosure).
Acknowledgements: This issue was discovered by Red Hat.
This issue has been addressed in following products: Red Hat JBoss Portal 6.1.0 Via RHSA-2013:1437 https://rhn.redhat.com/errata/RHSA-2013-1437.html