The SecurityAssociation.getCredential method in JBoss Enterprise Application Platform (EAP) prior to 5.2.0, Web Platform (EWP) prior to 5.2.0, BRMS Platform prior to 5.3.1, and SOA Platform prior to 5.3.1 returns the credentials of the previous user when a security context is not provided, which allows remote malicious users to gain privileges as other users.
Vulnerable Product |
---|
redhat jboss enterprise application platform 5.2.0 |
redhat jboss enterprise web platform 5.2.0 |
redhat jboss enterprise brms platform |