PT-2013-1603 · Red Hat · Jboss Web Platform+3
Carlo De Wolf
+1
·
Published
2013-02-05
·
Updated
2017-08-29
·
CVE-2012-3370
CVSS v2.0
5.8
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
JBoss Enterprise Application Platform (EAP) versions prior to 5.2.0
JBoss Web Platform (EWP) versions prior to 5.2.0
BRMS Platform versions prior to 5.3.1
SOA Platform versions prior to 5.3.1
Description
The issue allows remote attackers to gain privileges as other users due to the SecurityAssociation.getCredential method returning the credentials of the previous user when a security context is not provided.
Recommendations
For JBoss Enterprise Application Platform (EAP) versions prior to 5.2.0, update to version 5.2.0 or later.
For JBoss Web Platform (EWP) versions prior to 5.2.0, update to version 5.2.0 or later.
For BRMS Platform versions prior to 5.3.1, update to version 5.3.1 or later.
For SOA Platform versions prior to 5.3.1, update to version 5.3.1 or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Brms Platform
Red Hat Jboss Enterprise Application Platform
Jboss Web Platform
Soa Platform