Lucene search

K

RedhatCVELIST:CVE-2012-3369

HistoryFeb 05, 2013 - 11:11 p.m.

CVE-2012-3369

2013-02-0523:11:00

redhat

www.cve.org

5.9 Medium

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.8%

The CallerIdentityLoginModule in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 allows remote attackers to gain privileges of the previous user via a null password, which causes the previous user’s password to be used.

References

rhn.redhat.com/errata/RHSA-2013-0191.html

rhn.redhat.com/errata/RHSA-2013-0192.html

rhn.redhat.com/errata/RHSA-2013-0193.html

rhn.redhat.com/errata/RHSA-2013-0194.html

rhn.redhat.com/errata/RHSA-2013-0195.html

rhn.redhat.com/errata/RHSA-2013-0196.html

rhn.redhat.com/errata/RHSA-2013-0197.html

rhn.redhat.com/errata/RHSA-2013-0198.html

rhn.redhat.com/errata/RHSA-2013-0221.html

rhn.redhat.com/errata/RHSA-2013-0533.html

secunia.com/advisories/51984

secunia.com/advisories/52054

securitytracker.com/id?1028042

www.securityfocus.com/bid/57547

bugzilla.redhat.com/show_bug.cgi?id=836451

exchange.xforce.ibmcloud.com/vulnerabilities/81512

5.9 Medium

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.8%

Related for CVELIST:CVE-2012-3369

prion1 cve1 nvd1 redhat8 veracode8 nessus6