Lucene search

GitHub Advisory DatabaseGHSA-PPG2-WW3W-HQ84

HistoryMay 17, 2022 - 5:17 a.m.

User confusion in IronJacamar

2022-05-1705:17:01

GitHub Advisory Database

github.com

7 High

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.008 Low

EPSS

Percentile

81.1%

JSON

The IronJacamar container before 1.0.12.Final for JBoss Application Server, when allow-multiple-users is enabled in conjunction with a security domain, does not use the credentials supplied in a getConnection function call, which allows remote attackers to obtain access to an arbitrary datasource connection in opportunistic circumstances via an invalid connection attempt.

CPENameOperatorVersion
org.jboss.ironjacamar:ironjacamar-jdbclt1.0.12.Final

CPE	Name	Operator	Version
	org.jboss.ironjacamar:ironjacamar-jdbc	lt	1.0.12.Final

References

rhn.redhat.com/errata/RHSA-2012-1591.html

rhn.redhat.com/errata/RHSA-2012-1592.html

rhn.redhat.com/errata/RHSA-2012-1594.html

secunia.com/advisories/51607

bugzilla.redhat.com/show_bug.cgi?id=843358

github.com/advisories/GHSA-ppg2-ww3w-hq84

issues.jboss.org/browse/JBJCA-864

issues.jboss.org/browse/JBPAPP-9584

issues.jboss.org/secure/ReleaseNote.jspa?projectId=12310691&version=12319522

nvd.nist.gov/vuln/detail/CVE-2012-3428

7 High

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.008 Low

EPSS

Percentile

81.1%

JSON

Related for GHSA-PPG2-WW3W-HQ84