CVE-2012-0034

CWE-2556 documents5 sources

Severity

2.1LOW

EPSS

0.1%

top 78.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Jboss Enterprise Brms Platform Redhat Jboss Enterprise Application Platform Redhat Jboss Enterprise WEB Platform

Timeline

PublishedFeb 5

Latest updateMay 4

Description

The NonManagedConnectionFactory in JBoss Enterprise Application Platform (EAP) 5.1.2 and 5.2.0, Web Platform (EWP) 5.1.2 and 5.2.0, and BRMS Platform before 5.3.1 logs the username and password in cleartext when an exception is thrown, which allows local users to obtain sensitive information by reading the log file.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages3 packages

▶NVDredhat/jboss_enterprise_brms_platform5.3.0

▶NVDredhat/jboss_enterprise_application_platform5.1.2, 5.2.0+1

▶NVDredhat/jboss_enterprise_web_platform5.1.2, 5.2.0+1

🔴Vulnerability Details

GHSA

GHSA-hcgg-293c-27px: The NonManagedConnectionFactory in JBoss Enterprise Application Platform (EAP) 5↗2022-05-04

▶

CVEList

CVE-2012-0034: The NonManagedConnectionFactory in JBoss Enterprise Application Platform (EAP) 5↗2013-02-05

▶

📋Vendor Advisories

Red Hat

Cache: NonManagedConnectionFactory will log password in clear text when an exception occurs↗2011-12-30

▶

💬Community

Bugzilla

CVE-2012-0034 JBoss Cache: NonManagedConnectionFactory will log password in clear text when an exception occurs↗2012-01-10

▶

Bugzilla

CVE-2011-3550 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (AWT)↗2011-10-19

▶