CVE-2012-3370 in JBoss Enterprise

Summary

The SecurityAssociation.getCredential method in JBoss Enterprise Application Platform (EAP) 5.2.0, Web Platform (EWP) 5.2.0, and BRMS Platform before 5.3.1 returns the credentials of the previous user when a security context is not provided, which allows remote attackers to gain privileges as other users.


Reservation

06/14/2012

Disclosure

02/05/2013

Entries

1: VDB-7499

CPE

ready

CVSS

6.5

EPSS

0.01673

Activities

Very Low

Sources
