Overview

| Field | Value |
|---|---|
| CVE Id | CVE-2012-3370 |
| Last Modified | 17 Jan 2015 09:59:11 |
| Published | 05 Feb 2013 06:55:01 |
| Access Vector | NETWORK |
| Access Complexity | MEDIUM |
| Authentication | NONE |

(The vulnerability score and the confidentiality, integrity and availability impact ratings were shown as images on the original page and are not recoverable here.)

CVE-2012-3370
Summary
The SecurityAssociation.getCredential method in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 returns the credentials of the previous user when a security context is not provided, which allows remote attackers to gain privileges as other users.
Vulnerable Systems
Application
Redhat Jboss Enterprise Application Platform 5.2.0
Redhat Jboss Enterprise Brms Platform 5.3.0
Redhat Jboss Enterprise Web Platform 5.2.0
References
MISC - https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=836456
XF - jboss-eap-getcredential-info-disc(81513)
BID - 57550
OSVDB - 89581
SECTRACK - 1028042
SECUNIA - 52054
SECUNIA - 51984
REDHAT - RHSA-2013:0221
REDHAT - RHSA-2013:0198
REDHAT - RHSA-2013:0197
REDHAT - RHSA-2013:0196
REDHAT - RHSA-2013:0195
REDHAT - RHSA-2013:0194
REDHAT - RHSA-2013:0193
REDHAT - RHSA-2013:0192
REDHAT - RHSA-2013:0191
REDHAT - RHSA-2013:0533
Last Updated: 27 May 2016 10:55:06