5.8
CVE-2012-3370
- EPSS 1.67%
- Published 05.02.2013 23:55:01
- Last modified 11.04.2025 00:51:21
- Source secalert@redhat.com
- Teams watchlist Login
- Open Login
The SecurityAssociation.getCredential method in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 returns the credentials of the previous user when a security context is not provided, which allows remote attackers to gain privileges as other users.
Data is provided by the National Vulnerability Database (NVD)
Redhat ≫ Jboss Enterprise Application Platform Version5.2.0
Redhat ≫ Jboss Enterprise Web Platform Version5.2.0
Redhat ≫ Jboss Enterprise Brms Platform Version <= 5.3.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.67% | 0.804 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 5.8 | 8.6 | 4.9 |
AV:N/AC:M/Au:N/C:P/I:P/A:N
|