4
CVSSv2

CVE-2012-3369

Published: 05/02/2013 Updated: 29/08/2017
CVSS v2 Base Score: 4 | Impact Score: 4.9 | Exploitability Score: 4.9
VMScore: 356
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N

Vulnerability Summary

The CallerIdentityLoginModule in JBoss Enterprise Application Platform (EAP) prior to 5.2.0, Web Platform (EWP) prior to 5.2.0, BRMS Platform prior to 5.3.1, and SOA Platform prior to 5.3.1 allows remote malicious users to gain privileges of the previous user via a null password, which causes the previous user's password to be used.

Vendor Advisories

Synopsis Important: JBoss Enterprise SOA Platform 531 update Type/Severity Security Advisory: Important Topic JBoss Enterprise SOA Platform 531, which fixes multiple security issues,various bugs, and adds enhancements, is now available from the Red HatCustomer PortalThe Red Hat Security Response Team h ...
Synopsis Important: JBoss Enterprise Web Platform 520 update Type/Severity Security Advisory: Important Topic JBoss Enterprise Web Platform 520, which fixes multiple security issues,various bugs, and adds several enhancements, is now available from the RedHat Customer PortalThe Red Hat Security Respons ...
Synopsis Important: JBoss Enterprise Application Platform 520 update Type/Severity Security Advisory: Important Topic Updated JBoss Enterprise Application Platform 520 packages that fixmultiple security issues, various bugs, and add several enhancements arenow available for Red Hat Enterprise Linux 5Th ...
Synopsis Important: JBoss Enterprise Application Platform 520 update Type/Severity Security Advisory: Important Topic JBoss Enterprise Application Platform 520, which fixes multiple securityissues, various bugs, and adds several enhancements, is now available fromthe Red Hat Customer PortalThe Red Hat ...
Synopsis Important: JBoss Enterprise Web Platform 520 update Type/Severity Security Advisory: Important Topic Updated JBoss Enterprise Web Platform 520 packages that fix multiplesecurity issues, various bugs, and add several enhancements are nowavailable for Red Hat Enterprise Linux 6The Red Hat Securi ...
Synopsis Important: JBoss Enterprise Application Platform 520 update Type/Severity Security Advisory: Important Topic Updated JBoss Enterprise Application Platform 520 packages that fixmultiple security issues, various bugs, and add several enhancements arenow available for Red Hat Enterprise Linux 6Th ...
Synopsis Important: JBoss Enterprise Web Platform 520 update Type/Severity Security Advisory: Important Topic Updated JBoss Enterprise Web Platform 520 packages that fix multiplesecurity issues, various bugs, and add several enhancements are nowavailable for Red Hat Enterprise Linux 5The Red Hat Securi ...