Lucene search

[email protected]NVD:CVE-2012-3428

HistoryDec 20, 2012 - 12:02 p.m.

CVE-2012-3428

2012-12-2012:02:17

CWE-255

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.6

Confidence

Low

EPSS

0.008

Percentile

81.4%

JSON

The IronJacamar container before 1.0.12.Final for JBoss Application Server, when allow-multiple-users is enabled in conjunction with a security domain, does not use the credentials supplied in a getConnection function call, which allows remote attackers to obtain access to an arbitrary datasource connection in opportunistic circumstances via an invalid connection attempt.

Affected configurations

Nvd

Node

jbossironjacamarRange≤1.0.11

VendorProductVersionCPE
jbossironjacamar*cpe:2.3:a:jboss:ironjacamar:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
jboss	ironjacamar	*	cpe:2.3:a:jboss:ironjacamar::::::::

References

rhn.redhat.com/errata/RHSA-2012-1591.html

rhn.redhat.com/errata/RHSA-2012-1592.html

rhn.redhat.com/errata/RHSA-2012-1594.html

secunia.com/advisories/51607

bugzilla.redhat.com/show_bug.cgi?id=843358

issues.jboss.org/browse/JBJCA-864

issues.jboss.org/browse/JBPAPP-9584

issues.jboss.org/secure/ReleaseNote.jspa?projectId=12310691&version=12319522

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.6

Confidence

Low

EPSS

0.008

Percentile

81.4%

JSON

Related for NVD:CVE-2012-3428

osv1 prion1 cvelist1 veracode5 github1 cve1 redhat3 nessus2