Lucene search

K

RedhatCVELIST:CVE-2012-3370

HistoryFeb 05, 2013 - 11:11 p.m.

CVE-2012-3370

2013-02-0523:11:00

redhat

www.cve.org

1

5.9 Medium

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

83.2%

The SecurityAssociation.getCredential method in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 returns the credentials of the previous user when a security context is not provided, which allows remote attackers to gain privileges as other users.

References

rhn.redhat.com/errata/RHSA-2013-0191.html

rhn.redhat.com/errata/RHSA-2013-0192.html

rhn.redhat.com/errata/RHSA-2013-0193.html

rhn.redhat.com/errata/RHSA-2013-0194.html

rhn.redhat.com/errata/RHSA-2013-0195.html

rhn.redhat.com/errata/RHSA-2013-0196.html

rhn.redhat.com/errata/RHSA-2013-0197.html

rhn.redhat.com/errata/RHSA-2013-0198.html

rhn.redhat.com/errata/RHSA-2013-0221.html

rhn.redhat.com/errata/RHSA-2013-0533.html

secunia.com/advisories/51984

secunia.com/advisories/52054

securitytracker.com/id?1028042

www.osvdb.org/89581

www.securityfocus.com/bid/57550

bugzilla.redhat.com/bugzilla/show_bug.cgi?id=836456

exchange.xforce.ibmcloud.com/vulnerabilities/81513

5.9 Medium

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

83.2%

Related for CVELIST:CVE-2012-3370

nvd1 prion1 cve1 seebug1 redhat8 veracode8 nessus6