CVSS2: 5.8 Medium
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE

AI Score: 6.7 Medium (Confidence: Low)
EPSS: 0.009 Low (Percentile: 83.2%)

The SecurityAssociation.getCredential method in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 returns the credentials of the previous user when a security context is not provided, which allows remote attackers to gain privileges as other users.
rhn.redhat.com/errata/RHSA-2013-0191.html
rhn.redhat.com/errata/RHSA-2013-0192.html
rhn.redhat.com/errata/RHSA-2013-0193.html
rhn.redhat.com/errata/RHSA-2013-0194.html
rhn.redhat.com/errata/RHSA-2013-0195.html
rhn.redhat.com/errata/RHSA-2013-0196.html
rhn.redhat.com/errata/RHSA-2013-0197.html
rhn.redhat.com/errata/RHSA-2013-0198.html
rhn.redhat.com/errata/RHSA-2013-0221.html
rhn.redhat.com/errata/RHSA-2013-0533.html
secunia.com/advisories/51984
secunia.com/advisories/52054
securitytracker.com/id?1028042
www.osvdb.org/89581
www.securityfocus.com/bid/57550
bugzilla.redhat.com/bugzilla/show_bug.cgi?id=836456
exchange.xforce.ibmcloud.com/vulnerabilities/81513