Jboss · Ironjacamar · CVE-2012-3428
**Name of the Vulnerable Software and Affected Versions**
IronJacamar container versions prior to 1.0.12.Final for JBoss Application Server
**Description**
The issue allows remote attackers to obtain access to an arbitrary datasource connection under certain circumstances, specifically when allow-multiple-users is enabled in conjunction with a security domain. This occurs because the credentials supplied in a getConnection function call are not used, enabling attackers to gain access via an invalid connection attempt.
**Recommendations**
For IronJacamar container versions prior to 1.0.12.Final, update to version 1.0.12.Final or later to resolve the issue.