Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-3431


Vulnerability Score 4.3 4.3
CVE Id CVE-2012-3431
Last Modified 27 Nov 2012 12:00:00
Published 23 Nov 2012 03:55:02
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE



The Teiid Java Database Connectivity (JDBC) socket, as used in JBoss Enterprise Data Services Platform before 5.3.0, does not encrypt login messages by default contrary to documentation and specification, which allows remote attackers to obtain login credentials via a man-in-the-middle (MITM) attack.

Vulnerable Systems


  • Redhat Jboss Enterprise Data Services Platform 5.1.0

  • Redhat Jboss Enterprise Data Services Platform 5.2.0



XF - teiid-jdbc-info-disc(78803)

BID - 55634

REDHAT - RHSA-2012:1301

Last Updated: 27 May 2016 10:58:30