Vulnerability Name: CVE-2012-3370 (CCN-81513)
Assigned: 2012-06-14
Published: 2013-01-24
Updated: 2017-08-29

Summary: The SecurityAssociation.getCredential method in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 returns the credentials of the previous user when a security context is not provided, which allows remote attackers to gain privileges as other users.

CVSS v3 Severity:
  5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVSS v2 Severity:
  5.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N)
  4.3 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C)
  3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)

Vulnerability Type: CWE-264
Vulnerability Consequences: Obtain Information

References:
  Source: MITRE, Type: CNA - CVE-2012-3370
  Source: CCN - RHSA-2013-0191 Important: JBoss Enterprise Application Platform 5.2.0 update
  Source: REDHAT, Type: Vendor Advisory - RHSA-2013:0191
  Source: CCN - RHSA-2013-0192 Important: JBoss Enterprise Application Platform 5.2.0 update
  Source: REDHAT, Type: Vendor Advisory - RHSA-2013:0192
  Source: CCN - RHSA-2013-0193 Important: JBoss Enterprise Application Platform 5.2.0 update
  Source: REDHAT, Type: Vendor Advisory - RHSA-2013:0193
  Source: CCN - RHSA-2013-0194 Important: JBoss Enterprise Application Platform 5.2.0 update
  Source: REDHAT, Type: Vendor Advisory - RHSA-2013:0194
  Source: CCN - RHSA-2013-0195 Important: JBoss Enterprise Web Platform 5.2.0 update
  Source: REDHAT, Type: Vendor Advisory - RHSA-2013:0195
  Source: CCN - RHSA-2013-0196 Important: JBoss Enterprise Web Platform 5.2.0 update
  Source: REDHAT, Type: Vendor Advisory - RHSA-2013:0196
  Source: CCN - RHSA-2013-0197 Important: JBoss Enterprise Web Platform 5.2.0 update
  Source: REDHAT, Type: Vendor Advisory - RHSA-2013:0197
  Source: CCN - RHSA-2013-0198 Important: JBoss Enterprise Web Platform 5.2.0 update
  Source: REDHAT, Type: Vendor Advisory - RHSA-2013:0198
  Source: REDHAT, Type: Vendor Advisory - RHSA-2013:0221
  Source: REDHAT, Type: UNKNOWN - RHSA-2013:0533
  Source: SECUNIA, Type: Vendor Advisory - 51984
  Source: SECUNIA, Type: Vendor Advisory - 52054
  Source: SECTRACK, Type: UNKNOWN - 1028042
  Source: CCN, Type: JBoss Web site - JBoss Enterprise Application Platform
  Source: OSVDB, Type: UNKNOWN - 89581
  Source: BID, Type: UNKNOWN - 57550
  Source: CCN - BID-57550 JBoss Enterprise Application Platform CVE-2012-3370 Security Bypass Vulnerability
  Source: MISC, Type: UNKNOWN - https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=836456
  Source: XF, Type: UNKNOWN - jboss-eap-getcredential-info-disc(81513)

Vulnerable Configuration:
  Configuration 1:
  Configuration 2:
  Configuration 3:
  Configuration CCN 1: