CVE-2009-3554 — Sensitive Information Exposure in Redhat Jboss Enterprise Application Platform

CWE-200 — Sensitive Information Exposure5 documents5 sources

Severity

2.1LOWNVD

EPSS

0.1%

top 79.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Jboss Enterprise Application Platform

Timeline

PublishedDec 15

Latest updateMay 2

Description

Twiddle in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP08 and 4.3 before 4.3.0.CP07 writes the JMX password, and other command-line arguments, to the twiddle.log file, which allows local users to obtain sensitive information by reading this file.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

▶NVDredhat/jboss_enterprise_application_platform4.2, 4.2.0, 4.2.2+2

Patches

Patch: www.redhat.com ↗Patch: bugzilla.redhat.com ↗Patch: www.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-p46q-pmw2-55mw: Twiddle in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4↗2022-05-02

▶

CVEList

CVE-2009-3554: Twiddle in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4↗2009-12-15

▶

📋Vendor Advisories

Red Hat

JBoss EAP Twiddle logs the JMX password↗2009-10-02

▶

💬Community

Bugzilla

CVE-2009-3554 JBoss EAP Twiddle logs the JMX password↗2009-11-20

▶