Описание
The SecurityAssociation.getCredential method in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 returns the credentials of the previous user when a security context is not provided, which allows remote attackers to gain privileges as other users.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat JBoss BRMS 5 | Security | Affected | ||
| Red Hat JBoss Enterprise Web Server 1 | unknown | Under investigation | ||
| Red Hat JBoss Portal 5 | PicketLink | Will not fix | ||
| Red Hat JBoss SOA Platform 5 | EAP | Affected | ||
| JBEWP 5 for RHEL 5 | aopalliance | Fixed | RHSA-2013:0196 | 24.01.2013 |
| JBEWP 5 for RHEL 5 | apache-cxf | Fixed | RHSA-2013:0196 | 24.01.2013 |
| JBEWP 5 for RHEL 5 | bsh2 | Fixed | RHSA-2013:0196 | 24.01.2013 |
| JBEWP 5 for RHEL 5 | glassfish-jaxb | Fixed | RHSA-2013:0196 | 24.01.2013 |
| JBEWP 5 for RHEL 5 | google-guice | Fixed | RHSA-2013:0196 | 24.01.2013 |
| JBEWP 5 for RHEL 5 | hibernate3 | Fixed | RHSA-2013:0196 | 24.01.2013 |
Показывать по
Дополнительная информация
Статус:
EPSS
5.8 Medium
CVSS2
Связанные уязвимости
The SecurityAssociation.getCredential method in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 returns the credentials of the previous user when a security context is not provided, which allows remote attackers to gain privileges as other users.
The SecurityAssociation.getCredential method in JBoss Enterprise Appli ...
The SecurityAssociation.getCredential method in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 returns the credentials of the previous user when a security context is not provided, which allows remote attackers to gain privileges as other users.
EPSS
5.8 Medium
CVSS2