Lucene search

[email protected]NVD:CVE-2012-3431

HistoryNov 23, 2012 - 8:55 p.m.

CVE-2012-3431

2012-11-2320:55:02

CWE-310

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.5

Confidence

Low

EPSS

0.001

Percentile

49.6%

JSON

The Teiid Java Database Connectivity (JDBC) socket, as used in JBoss Enterprise Data Services Platform before 5.3.0, does not encrypt login messages by default contrary to documentation and specification, which allows remote attackers to obtain login credentials via a man-in-the-middle (MITM) attack.

Affected configurations

Nvd

Node

redhatjboss_enterprise_data_services_platformRange≤5.2.0

redhatjboss_enterprise_data_services_platformMatch5.1.0

VendorProductVersionCPE
redhatjboss_enterprise_data_services_platform*cpe:2.3:a:redhat:jboss_enterprise_data_services_platform:*:*:*:*:*:*:*:*
redhatjboss_enterprise_data_services_platform5.1.0cpe:2.3:a:redhat:jboss_enterprise_data_services_platform:5.1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
redhat	jboss_enterprise_data_services_platform	*	cpe:2.3:a:redhat:jboss_enterprise_data_services_platform::::::::
redhat	jboss_enterprise_data_services_platform	5.1.0	cpe:2.3:a:redhat:jboss_enterprise_data_services_platform:5.1.0:::::::*

References

rhn.redhat.com/errata/RHSA-2012-1301.html

www.securityfocus.com/bid/55634

bugzilla.redhat.com/show_bug.cgi?id=843669

exchange.xforce.ibmcloud.com/vulnerabilities/78803

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.5

Confidence

Low

EPSS

0.001

Percentile

49.6%

JSON

Related for NVD:CVE-2012-3431

prion1 cvelist1 cve1