5.8

CVE-2012-3370

The SecurityAssociation.getCredential method in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 returns the credentials of the previous user when a security context is not provided, which allows remote attackers to gain privileges as other users.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.86% 0.765
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.8 8.6 4.9
AV:N/AC:M/Au:N/C:P/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://rhn.redhat.com/errata/RHSA-2013-0191.html
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2013-0192.html
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2013-0193.html
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2013-0194.html
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2013-0195.html
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2013-0196.html
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2013-0197.html
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2013-0198.html
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2013-0221.html
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2013-0533.html
http://secunia.com/advisories/51984
Vendor Advisory
http://secunia.com/advisories/52054
Vendor Advisory
http://securitytracker.com/id?1028042
http://www.osvdb.org/89581
http://www.securityfocus.com/bid/57550
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=836456
https://exchange.xforce.ibmcloud.com/vulnerabilities/81513