Default configuration

2012-11-2320:55:00

PRIOn knowledge base

www.prio-n.com

7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

49.7%

JSON

The Teiid Java Database Connectivity (JDBC) socket, as used in JBoss Enterprise Data Services Platform before 5.3.0, does not encrypt login messages by default contrary to documentation and specification, which allows remote attackers to obtain login credentials via a man-in-the-middle (MITM) attack.

CPENameOperatorVersion
jboss_enterprise_data_services_platformeq5.1.0
jboss_enterprise_data_services_platformle5.2.0

CPE	Name	Operator	Version
	jboss_enterprise_data_services_platform	eq	5.1.0
	jboss_enterprise_data_services_platform	le	5.2.0

References

rhn.redhat.com/errata/RHSA-2012-1301.html

www.securityfocus.com/bid/55634

bugzilla.redhat.com/show_bug.cgi?id=843669

exchange.xforce.ibmcloud.com/vulnerabilities/78803