cbcvebase.
CVE-2012-3370
published 2013-02-05

Severity: medium, 5.8 (CVSS 3.1)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
The SecurityAssociation.getCredential method in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 returns the credentials of the previous user when a security context is not provided, which allows remote attackers to gain privileges as other users.

Affected

3 ranges
| Vendor | Product | Version range | Fixed in |
|--------|---------|---------------|----------|
| redhat | jboss_enterprise_application_platform | | |
| redhat | jboss_enterprise_brms_platform | <= 5.3.0 | |
| redhat | jboss_enterprise_web_platform | | |