Lucene search

[email protected]NVD:CVE-2012-3369

HistoryFeb 05, 2013 - 11:55 p.m.

CVE-2012-3369

2013-02-0523:55:01

CWE-264

[email protected]

web.nvd.nist.gov

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

6.8 Medium

AI Score

Confidence

Low

0.009 Low

EPSS

Percentile

82.8%

JSON

The CallerIdentityLoginModule in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 allows remote attackers to gain privileges of the previous user via a null password, which causes the previous user’s password to be used.

Affected configurations

NVD

Node

redhatjboss_enterprise_web_platformMatch5.2.0

Node

redhatjboss_enterprise_application_platformMatch5.2.0

Node

redhatjboss_enterprise_brms_platformRange≤5.3.0

References

rhn.redhat.com/errata/RHSA-2013-0191.html

rhn.redhat.com/errata/RHSA-2013-0192.html

rhn.redhat.com/errata/RHSA-2013-0193.html

rhn.redhat.com/errata/RHSA-2013-0194.html

rhn.redhat.com/errata/RHSA-2013-0195.html

rhn.redhat.com/errata/RHSA-2013-0196.html

rhn.redhat.com/errata/RHSA-2013-0197.html

rhn.redhat.com/errata/RHSA-2013-0198.html

rhn.redhat.com/errata/RHSA-2013-0221.html

rhn.redhat.com/errata/RHSA-2013-0533.html

secunia.com/advisories/51984

secunia.com/advisories/52054

securitytracker.com/id?1028042

www.securityfocus.com/bid/57547

bugzilla.redhat.com/show_bug.cgi?id=836451

exchange.xforce.ibmcloud.com/vulnerabilities/81512

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

6.8 Medium

AI Score

Confidence

Low

0.009 Low

EPSS

Percentile

82.8%

JSON

Related for NVD:CVE-2012-3369

cvelist1 prion1 cve1 redhat8 veracode8 nessus6