6.5
CVE-2024-1102
- EPSS 0.79%
- Veröffentlicht 25.04.2024 17:15:47
- Zuletzt bearbeitet 24.10.2025 12:15:36
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Jberet: jberet-core logging database credentials
A vulnerability was found in jberet-core logging. An exception in 'dbProperties' might display user credentials such as the username and password for the database-connection.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Redhat ≫ Jboss Enterprise Application Platform Version- SwEditiontext-only
Redhat ≫ Jboss Enterprise Application Platform Version8.0
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.79% | 0.513 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| secalert@redhat.com | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-523 Unprotected Transport of Credentials
Login pages do not use adequate measures to protect the user name and password while they are in transit from the client to the server.
https://access.redhat.com/errata/RHSA-2024:1677
https://access.redhat.com/errata/RHSA-2024:3580
https://access.redhat.com/errata/RHSA-2024:3581
https://access.redhat.com/errata/RHSA-2024:3583
https://access.redhat.com/security/cve/CVE-2024-1102
https://bugzilla.redhat.com/show_bug.cgi?id=2262060
https://github.com/jberet/jsr352/issues/452