Vulnerability Details CVE-2012-3369
The CallerIdentityLoginModule in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 allows remote attackers to gain privileges of the previous user via a null password, which causes the previous user's password to be used.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.013
EPSS Ranking 78.7%
CVSS Severity
CVSS v2 Score 4.0
References
- http://rhn.redhat.com/errata/RHSA-2013-0191.html
- http://rhn.redhat.com/errata/RHSA-2013-0192.html
- http://rhn.redhat.com/errata/RHSA-2013-0193.html
- http://rhn.redhat.com/errata/RHSA-2013-0194.html
- http://rhn.redhat.com/errata/RHSA-2013-0195.html
- http://rhn.redhat.com/errata/RHSA-2013-0196.html
- http://rhn.redhat.com/errata/RHSA-2013-0197.html
- http://rhn.redhat.com/errata/RHSA-2013-0198.html
- http://rhn.redhat.com/errata/RHSA-2013-0221.html
- http://rhn.redhat.com/errata/RHSA-2013-0533.html
- http://secunia.com/advisories/51984
- http://secunia.com/advisories/52054
- http://securitytracker.com/id?1028042
- http://www.securityfocus.com/bid/57547
- https://bugzilla.redhat.com/show_bug.cgi?id=836451
- https://exchange.xforce.ibmcloud.com/vulnerabilities/81512
- http://rhn.redhat.com/errata/RHSA-2013-0191.html
- http://rhn.redhat.com/errata/RHSA-2013-0192.html
- http://rhn.redhat.com/errata/RHSA-2013-0193.html
- http://rhn.redhat.com/errata/RHSA-2013-0194.html
- http://rhn.redhat.com/errata/RHSA-2013-0195.html
- http://rhn.redhat.com/errata/RHSA-2013-0196.html
- http://rhn.redhat.com/errata/RHSA-2013-0197.html
- http://rhn.redhat.com/errata/RHSA-2013-0198.html
- http://rhn.redhat.com/errata/RHSA-2013-0221.html
- http://rhn.redhat.com/errata/RHSA-2013-0533.html
- http://secunia.com/advisories/51984
- http://secunia.com/advisories/52054
- http://securitytracker.com/id?1028042
- http://www.securityfocus.com/bid/57547
- https://bugzilla.redhat.com/show_bug.cgi?id=836451
- https://exchange.xforce.ibmcloud.com/vulnerabilities/81512
Products affected by CVE-2012-3369
-
cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.2.0
-
cpe:2.3:a:redhat:jboss_enterprise_brms_platform:5.0.0
-
cpe:2.3:a:redhat:jboss_enterprise_brms_platform:5.0.1
-
cpe:2.3:a:redhat:jboss_enterprise_brms_platform:5.0.2
-
cpe:2.3:a:redhat:jboss_enterprise_brms_platform:5.1.0
-
cpe:2.3:a:redhat:jboss_enterprise_brms_platform:5.2.0
-
cpe:2.3:a:redhat:jboss_enterprise_brms_platform:5.3.0
-
cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.2.0