PT-2012-4703 · Jboss · Ironjacamar
Jesper Pedersen · Published 2012-12-20 · Updated 2022-05-17 · CVE-2012-3428
CVSS v2.0: 4.3 (Medium)
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
IronJacamar container versions prior to 1.0.12.Final for JBoss Application Server
Description
The issue allows remote attackers to obtain access to an arbitrary datasource connection under certain circumstances, specifically when allow-multiple-users is enabled in conjunction with a security domain. This occurs because the credentials supplied in a getConnection function call are not used, enabling attackers to gain access via an invalid connection attempt.
Recommendations
For IronJacamar container versions prior to 1.0.12.Final, update to version 1.0.12.Final or later to resolve the issue.
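To find deployments that match the condition in the description before upgrading, the following added example (not part of the original advisory or the IronJacamar project) lists datasources that combine allow-multiple-users with a security domain. It assumes the JBoss AS datasources subsystem XML layout; the sample configuration and all names in it are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample configuration (hypothetical names), not from the advisory.
SAMPLE = """
<subsystem xmlns="urn:jboss:domain:datasources:1.1">
  <datasources>
    <datasource jndi-name="java:/OrdersDS" pool-name="OrdersDS">
      <pool><allow-multiple-users/></pool>
      <security><security-domain>orders-domain</security-domain></security>
    </datasource>
    <datasource jndi-name="java:/ReportsDS" pool-name="ReportsDS">
      <pool><allow-multiple-users/></pool>
      <security><user-name>reports</user-name></security>
    </datasource>
    <datasource jndi-name="java:/AuditDS" pool-name="AuditDS">
      <security><security-domain>audit-domain</security-domain></security>
    </datasource>
  </datasources>
</subsystem>
"""

def local(tag):
    """Strip the XML namespace so the check works across schema versions."""
    return tag.rsplit("}", 1)[-1]

def risky_datasources(xml_text):
    """Return (pool-name, security-domain) for each datasource that enables
    allow-multiple-users together with a security domain."""
    flagged = []
    for ds in ET.fromstring(xml_text.strip()).iter():
        if local(ds.tag) not in ("datasource", "xa-datasource"):
            continue
        multi, domain = False, None
        for el in ds.iter():
            text = (el.text or "").strip()
            if local(el.tag) == "allow-multiple-users":
                # Assumption: presence enables the option unless set to "false".
                multi = text.lower() != "false"
            elif local(el.tag) == "security-domain" and text:
                domain = text
        if multi and domain:
            flagged.append((ds.get("pool-name"), domain))
    return flagged

if __name__ == "__main__":
    for name, domain in risky_datasources(SAMPLE):
        print(f"review {name}: allow-multiple-users with security domain {domain}")
```

A flagged datasource is only exposed when the container is older than 1.0.12.Final, so the result still has to be checked against the installed IronJacamar version.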
Fix
Weakness Enumeration
Related Identifiers
Affected Products
Ironjacamar