CVE-2012-3370 in JBoss Enterprisethông tin

Tóm tắt

Bởi MITRE

The SecurityAssociation.getCredential method in JBoss Enterprise Application Platform (EAP) 5.2.0, Web Platform (EWP) 5.2.0, and BRMS Platform before 5.3.1 returns the credentials of the previous user when a security context is not provided, which allows remote attackers to gain privileges as other users.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Đặt trước

14/06/2012

Tiết lộ

05/02/2013

Kiểm duyệt

được chấp nhận

mục

VDB-7499

CPE

sẵn sàng

CWE

CWE-264 (Đã xác nhận)

CVSS

5.8 (NVD)

EPSS

0.01862

KEV

không

Các hoạt động

rất thấp

ngành

Pharma, Government, ...

Nguồn

MITRE	https://www.cve.org/CVERecord?id=CVE-2012-3370
NVD	https://nvd.nist.gov/vuln/detail/CVE-2012-3370
CVE Details	https://www.cvedetails.com/cve/CVE-2012-3370/

◂ Trước Tổng Quan Tiếp theo ▸

Interested in the pricing of exploits?

See the underground prices here!