Vulnerability Details CVE-2012-3370
The SecurityAssociation.getCredential method in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 returns the credentials of the previous user when a security context is not provided, which allows remote attackers to gain privileges as other users.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.017
EPSS Ranking 81.1%
CVSS Severity
CVSS v2 Score 5.8
References
- http://rhn.redhat.com/errata/RHSA-2013-0191.html
- http://rhn.redhat.com/errata/RHSA-2013-0192.html
- http://rhn.redhat.com/errata/RHSA-2013-0193.html
- http://rhn.redhat.com/errata/RHSA-2013-0194.html
- http://rhn.redhat.com/errata/RHSA-2013-0195.html
- http://rhn.redhat.com/errata/RHSA-2013-0196.html
- http://rhn.redhat.com/errata/RHSA-2013-0197.html
- http://rhn.redhat.com/errata/RHSA-2013-0198.html
- http://rhn.redhat.com/errata/RHSA-2013-0221.html
- http://rhn.redhat.com/errata/RHSA-2013-0533.html
- http://secunia.com/advisories/51984
- http://secunia.com/advisories/52054
- http://securitytracker.com/id?1028042
- http://www.osvdb.org/89581
- http://www.securityfocus.com/bid/57550
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=836456
- https://exchange.xforce.ibmcloud.com/vulnerabilities/81513
- http://rhn.redhat.com/errata/RHSA-2013-0191.html
- http://rhn.redhat.com/errata/RHSA-2013-0192.html
- http://rhn.redhat.com/errata/RHSA-2013-0193.html
- http://rhn.redhat.com/errata/RHSA-2013-0194.html
- http://rhn.redhat.com/errata/RHSA-2013-0195.html
- http://rhn.redhat.com/errata/RHSA-2013-0196.html
- http://rhn.redhat.com/errata/RHSA-2013-0197.html
- http://rhn.redhat.com/errata/RHSA-2013-0198.html
- http://rhn.redhat.com/errata/RHSA-2013-0221.html
- http://rhn.redhat.com/errata/RHSA-2013-0533.html
- http://secunia.com/advisories/51984
- http://secunia.com/advisories/52054
- http://securitytracker.com/id?1028042
- http://www.osvdb.org/89581
- http://www.securityfocus.com/bid/57550
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=836456
- https://exchange.xforce.ibmcloud.com/vulnerabilities/81513
Products affected by CVE-2012-3370
-
cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.2.0
-
cpe:2.3:a:redhat:jboss_enterprise_brms_platform:5.0.0
-
cpe:2.3:a:redhat:jboss_enterprise_brms_platform:5.0.1
-
cpe:2.3:a:redhat:jboss_enterprise_brms_platform:5.0.2
-
cpe:2.3:a:redhat:jboss_enterprise_brms_platform:5.1.0
-
cpe:2.3:a:redhat:jboss_enterprise_brms_platform:5.2.0
-
cpe:2.3:a:redhat:jboss_enterprise_brms_platform:5.3.0
-
cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.2.0