CVE-2013-1921 — Redhat Jboss Enterprise Application Platform vulnerability

CWE-3105 documents5 sources

Severity

1.9LOWNVD

EPSS

0.1%

top 78.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Jboss Enterprise Application Platform

Timeline

PublishedSep 28

Latest updateMay 17

Description

PicketBox, as used in Red Hat JBoss Enterprise Application Platform before 6.1.1, allows local users to obtain the admin encryption key by reading the Vault data file.

CVSS vector

AV:L/AC:M/C:P/I:N/A:NExploitability: 3.4 | Impact: 2.9

Affected Packages1 packages

▶NVDredhat/jboss_enterprise_application_platform6.1.0+12

🔴Vulnerability Details

GHSA

GHSA-p398-vx5x-3pgp: PicketBox, as used in Red Hat JBoss Enterprise Application Platform before 6↗2022-05-17

▶

CVEList

CVE-2013-1921: PicketBox, as used in Red Hat JBoss Enterprise Application Platform before 6↗2013-09-28

▶

📋Vendor Advisories

Red Hat

PicketBox: Insecure storage of masked passwords↗2013-09-04

▶

💬Community

Bugzilla

CVE-2013-1921 JBoss PicketBox: Insecure storage of masked passwords↗2013-04-04

▶