CVE-2014-0058 — Redhat Jboss Enterprise Application Platform vulnerability

CWE-3105 documents5 sources

Severity

1.9LOWNVD

EPSS

0.1%

top 80.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Jboss Enterprise Application Platform

Timeline

PublishedFeb 26

Latest updateMay 17

Description

The security audit functionality in Red Hat JBoss Enterprise Application Platform (EAP) 6.x before 6.2.1 logs request parameters in plaintext, which might allow local users to obtain passwords by reading the log files.

CVSS vector

AV:L/AC:M/C:P/I:N/A:NExploitability: 3.4 | Impact: 2.9

Affected Packages1 packages

▶NVDredhat/jboss_enterprise_application_platform4 versions+3

🔴Vulnerability Details

GHSA

GHSA-42c9-mw7r-66f3: The security audit functionality in Red Hat JBoss Enterprise Application Platform (EAP) 6↗2022-05-17

▶

CVEList

CVE-2014-0058: The security audit functionality in Red Hat JBoss Enterprise Application Platform (EAP) 6↗2014-02-26

▶

📋Vendor Advisories

Red Hat

EAP6: Plain text password logging during security audit↗2014-02-24

▶

💬Community

Bugzilla

CVE-2014-0058 Red Hat JBoss EAP6: Plain text password logging during security audit↗2014-02-11

▶