The CallerIdentityLoginModule in JBoss Enterprise Application Platform (EAP) prior to 5.2.0, Web Platform (EWP) prior to 5.2.0, BRMS Platform prior to 5.3.1, and SOA Platform prior to 5.3.1 allows remote malicious users to gain privileges of the previous user via a null password, which causes the previous user's password to be used.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
redhat jboss enterprise web platform 5.2.0 |
||
redhat jboss enterprise application platform 5.2.0 |
||
redhat jboss enterprise brms platform |