CVE-2013-0218

CWE-200 — Information Exposure5 documents5 sources

Severity

2.1LOW

EPSS

0.0%

top 85.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Jboss Enterprise Application Platform Redhat Jboss Enterprise WEB Platform

Timeline

PublishedFeb 5

Latest updateMay 5

Description

The GUI installer in JBoss Enterprise Application Platform (EAP) and Enterprise Web Platform (EWP) 5.2.0 and possibly 5.1.2 uses world-readable permissions for the auto-install XML file, which allows local users to obtain the administrator password and the sucker password by reading this file.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages2 packages

▶NVDredhat/jboss_enterprise_application_platform5.1.2, 5.2.0+1

▶NVDredhat/jboss_enterprise_web_platform5.1.2, 5.2.0+1

🔴Vulnerability Details

GHSA

GHSA-g2hp-j2c6-f9v8: The GUI installer in JBoss Enterprise Application Platform (EAP) and Enterprise Web Platform (EWP) 5↗2022-05-05

▶

CVEList

CVE-2013-0218: The GUI installer in JBoss Enterprise Application Platform (EAP) and Enterprise Web Platform (EWP) 5↗2013-02-05

▶

📋Vendor Advisories

Red Hat

Installer: Generated auto-install xml is world readable↗2013-01-30

▶

💬Community

Bugzilla

CVE-2013-0218 JBoss EAP/EWP Installer: Generated auto-install xml is world readable↗2013-01-23

▶