Lucene search

PRIOn knowledge basePRION:CVE-2012-3428

HistoryDec 20, 2012 - 12:02 p.m.

Design/Logic Flaw

2012-12-2012:02:00

PRIOn knowledge base

www.prio-n.com

7.2 High

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.008 Low

EPSS

Percentile

80.9%

JSON

The IronJacamar container before 1.0.12.Final for JBoss Application Server, when allow-multiple-users is enabled in conjunction with a security domain, does not use the credentials supplied in a getConnection function call, which allows remote attackers to obtain access to an arbitrary datasource connection in opportunistic circumstances via an invalid connection attempt.

CPENameOperatorVersion
ironjacamarle1.0.11

CPE	Name	Operator	Version
	ironjacamar	le	1.0.11

References

rhn.redhat.com/errata/RHSA-2012-1591.html

rhn.redhat.com/errata/RHSA-2012-1592.html

rhn.redhat.com/errata/RHSA-2012-1594.html

secunia.com/advisories/51607

bugzilla.redhat.com/show_bug.cgi?id=843358

issues.jboss.org/browse/JBJCA-864

issues.jboss.org/browse/JBPAPP-9584

issues.jboss.org/secure/ReleaseNote.jspa?projectId=12310691&version=12319522

7.2 High

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.008 Low

EPSS

Percentile

80.9%

JSON

Related for PRION:CVE-2012-3428