Information Disclosure

2020-04-1000:37:35

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

JSON

jboss is vulnerable to information disclosure. The vulnerability exists as JMX password was logged in plain text to “twiddle.log”.

CPENameOperatorVersion
jboss-seam2eq2.0.2.FP_SEC1__1.ep2.6.el4
jboss-seam2eq2.0.2.FP_SEC1__1.ep2.6.el5
jboss-seam2eq2.0.2.FP_SEC1__1.ep2.3.el5
jboss-seam2eq2.0.2.FP_SEC1__1.ep2.4.el4
jboss-seam2eq2.0.2.FP_SEC1__1.ep2.7.el4
jboss-seam2eq2.0.2.FP_SEC1__1.ep2.7.el5
hibernate3eq3.2.4__1.SP1_CP01.0jpp.ep1.1.el5.1
hibernate3eq3.2.4__1.SP1_CP02.0jpp.ep1.1.el5.1
hibernate3eq3.2.4__1.SP1_CP02.0jpp.ep1.1.el4
quartzeq1.5.2__1jpp.ep1.5.el5

Name	Operator	Version
jboss-seam2	eq	2.0.2.FP_SEC1__1.ep2.6.el4
jboss-seam2	eq	2.0.2.FP_SEC1__1.ep2.6.el5
jboss-seam2	eq	2.0.2.FP_SEC1__1.ep2.3.el5
jboss-seam2	eq	2.0.2.FP_SEC1__1.ep2.4.el4
jboss-seam2	eq	2.0.2.FP_SEC1__1.ep2.7.el4
jboss-seam2	eq	2.0.2.FP_SEC1__1.ep2.7.el5
hibernate3	eq	3.2.4__1.SP1_CP01.0jpp.ep1.1.el5.1
hibernate3	eq	3.2.4__1.SP1_CP02.0jpp.ep1.1.el5.1
hibernate3	eq	3.2.4__1.SP1_CP02.0jpp.ep1.1.el4
quartz	eq	1.5.2__1jpp.ep1.5.el5