Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:GHSA-PPG2-WW3W-HQ84
HistoryMay 17, 2022 - 5:17 a.m.

User confusion in IronJacamar

2022-05-1705:17:01
Google
osv.dev
16
ironjacamar
security domain
remote attackers
datasource connection

AI Score

7

Confidence

Low

EPSS

0.008

Percentile

81.4%

JSON

The IronJacamar container before 1.0.12.Final for JBoss Application Server, when allow-multiple-users is enabled in conjunction with a security domain, does not use the credentials supplied in a getConnection function call, which allows remote attackers to obtain access to an arbitrary datasource connection in opportunistic circumstances via an invalid connection attempt.

Related

prion 1
cvelist 1
veracode 5
nvd 1
github 1
cve 1
redhat 3
nessus 2
prion
prion
Design/Logic Flaw
2012-12-20 12:02:00
cvelist
cvelist
CVE-2012-3428
2012-12-20 11:00:00
veracode
veracode
Authorization Bypass
2018-11-07 08:01:08
Access Restriction Bypass
2019-05-02 04:43:22
Access Restriction Bypass
2019-05-02 04:43:29
nvd
nvd
CVE-2012-3428
2012-12-20 12:02:17
github
github
User confusion in IronJacamar
2022-05-17 05:17:01
cve
cve
CVE-2012-3428
2012-12-20 12:02:17
redhat
redhat
(RHSA-2012:1592) Important: JBoss Enterprise Application Platform 6.0.1 update
2012-12-18 00:00:00
(RHSA-2012:1591) Important: JBoss Enterprise Application Platform 6.0.1 update
2012-12-18 00:00:00
(RHSA-2012:1594) Important: JBoss Enterprise Application Platform 6.0.1 update
2012-12-18 00:00:00
nessus
nessus
RHEL 6 : JBoss EAP (RHSA-2012:1592)
2013-01-24 00:00:00
RHEL 5 : JBoss EAP (RHSA-2012:1591)
2013-01-24 00:00:00

AI Score

7

Confidence

Low

EPSS

0.008

Percentile

81.4%

JSON
Related for OSV:GHSA-PPG2-WW3W-HQ84
prion1cvelist1veracode5nvd1github1cve1redhat3nessus2