4.3
CVE-2012-3428
- EPSS 1.41%
- Veröffentlicht 20.12.2012 12:02:17
- Zuletzt bearbeitet 16.06.2026 23:43:12
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
The IronJacamar container before 1.0.12.Final for JBoss Application Server, when allow-multiple-users is enabled in conjunction with a security domain, does not use the credentials supplied in a getConnection function call, which allows remote attackers to obtain access to an arbitrary datasource connection in opportunistic circumstances via an invalid connection attempt.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Jboss ≫ Ironjacamar Version <= 1.0.11
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.41% | 0.691 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
http://rhn.redhat.com/errata/RHSA-2012-1591.html
http://rhn.redhat.com/errata/RHSA-2012-1592.html
http://rhn.redhat.com/errata/RHSA-2012-1594.html
http://secunia.com/advisories/51607
https://bugzilla.redhat.com/show_bug.cgi?id=843358
https://issues.jboss.org/browse/JBJCA-864
https://issues.jboss.org/browse/JBPAPP-9584
https://issues.jboss.org/secure/ReleaseNote.jspa?projectId=12310691&version=12319522