Lucene search

[email protected]CVE-2012-3431

HistoryNov 23, 2012 - 8:55 p.m.

CVE-2012-3431

2012-11-2320:55:02

CWE-310

[email protected]

web.nvd.nist.gov

cve-2012-3431

teiid

jdbc

jboss

data services platform

security

mitm

encryption

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.7 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

49.7%

JSON

The Teiid Java Database Connectivity (JDBC) socket, as used in JBoss Enterprise Data Services Platform before 5.3.0, does not encrypt login messages by default contrary to documentation and specification, which allows remote attackers to obtain login credentials via a man-in-the-middle (MITM) attack.

Affected configurations

NVD

Node

redhatjboss_enterprise_data_services_platformRange≤5.2.0

redhatjboss_enterprise_data_services_platformMatch5.1.0

CPENameOperatorVersion
redhat:jboss_enterprise_data_services_platformredhat jboss enterprise data services platformle5.2.0
redhat:jboss_enterprise_data_services_platformredhat jboss enterprise data services platformeq5.1.0

CPE	Name	Operator	Version
redhat:jboss_enterprise_data_services_platform	redhat jboss enterprise data services platform	le	5.2.0
redhat:jboss_enterprise_data_services_platform	redhat jboss enterprise data services platform	eq	5.1.0

References

rhn.redhat.com/errata/RHSA-2012-1301.html

www.securityfocus.com/bid/55634

bugzilla.redhat.com/show_bug.cgi?id=843669

exchange.xforce.ibmcloud.com/vulnerabilities/78803

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.7 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

49.7%

JSON

Related for CVE-2012-3431

prion1 cvelist1 nvd1