The NonManagedConnectionFactory in JBoss Enterprise Application Platform (EAP) 5.1.2 and 5.2.0, Web Platform (EWP) 5.1.2 and 5.2.0, and BRMS Platform prior to 5.3.1 logs the username and password in cleartext when an exception is thrown, which allows local users to obtain sensitive information by reading the log file.
Vulnerable Product |
---|
redhat jboss enterprise application platform 5.1.2 |
redhat jboss enterprise application platform 5.2.0 |
redhat jboss enterprise web platform 5.2.0 |
redhat jboss enterprise web platform 5.1.2 |
redhat jboss enterprise brms platform |