CVE-2012-3370 in JBoss Enterpriseinformação

Sumário

de MITRE

The SecurityAssociation.getCredential method in JBoss Enterprise Application Platform (EAP) 5.2.0, Web Platform (EWP) 5.2.0, and BRMS Platform before 5.3.1 returns the credentials of the previous user when a security context is not provided, which allows remote attackers to gain privileges as other users.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Reservar

14/06/2012

Divulgação

05/02/2013

Moderação

aceite

Entrada

VDB-7499

CPE

pronto

CWE

CWE-264 (confirmado)

CVSS

5.8 (NVD)

EPSS

0.01862

KEV

não

Atividades

muito baixo

Sector

Telecommunication, Insurance, ...

Fontes

MITRE	https://www.cve.org/CVERecord?id=CVE-2012-3370
NVD	https://nvd.nist.gov/vuln/detail/CVE-2012-3370
CVE Details	https://www.cvedetails.com/cve/CVE-2012-3370/

◂ Voltar Visão Geral Próximo ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!