7.3 High
AI Score
Confidence
Low
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.009 Low
EPSS
Percentile
82.8%
The SecurityAssociation.getCredential method in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 returns the credentials of the previous user when a security context is not provided, which allows remote attackers to gain privileges as other users.
CPE | Name | Operator | Version |
---|---|---|---|
jboss_enterprise_application_platform | eq | 5.2.0 | |
jboss_enterprise_brms_platform | le | 5.3.0 | |
jboss_enterprise_web_platform | eq | 5.2.0 |
rhn.redhat.com/errata/RHSA-2013-0191.html
rhn.redhat.com/errata/RHSA-2013-0192.html
rhn.redhat.com/errata/RHSA-2013-0193.html
rhn.redhat.com/errata/RHSA-2013-0194.html
rhn.redhat.com/errata/RHSA-2013-0195.html
rhn.redhat.com/errata/RHSA-2013-0196.html
rhn.redhat.com/errata/RHSA-2013-0197.html
rhn.redhat.com/errata/RHSA-2013-0198.html
rhn.redhat.com/errata/RHSA-2013-0221.html
rhn.redhat.com/errata/RHSA-2013-0533.html
secunia.com/advisories/51984
secunia.com/advisories/52054
securitytracker.com/id?1028042
www.osvdb.org/89581
www.securityfocus.com/bid/57550
bugzilla.redhat.com/bugzilla/show_bug.cgi?id=836456
exchange.xforce.ibmcloud.com/vulnerabilities/81513