CVE-2012-3369

critical

Description

The CallerIdentityLoginModule in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 allows remote attackers to gain privileges of the previous user via a null password, which causes the previous user's password to be used.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/81512

https://bugzilla.redhat.com/show_bug.cgi?id=836451

http://www.securityfocus.com/bid/57547

http://securitytracker.com/id?1028042

http://secunia.com/advisories/52054

http://secunia.com/advisories/51984

http://rhn.redhat.com/errata/RHSA-2013-0533.html

http://rhn.redhat.com/errata/RHSA-2013-0221.html

http://rhn.redhat.com/errata/RHSA-2013-0198.html

http://rhn.redhat.com/errata/RHSA-2013-0197.html

http://rhn.redhat.com/errata/RHSA-2013-0196.html

http://rhn.redhat.com/errata/RHSA-2013-0195.html

http://rhn.redhat.com/errata/RHSA-2013-0194.html

http://rhn.redhat.com/errata/RHSA-2013-0193.html

http://rhn.redhat.com/errata/RHSA-2013-0192.html

http://rhn.redhat.com/errata/RHSA-2013-0191.html

Details

Source: Mitre, NVD

Published: 2013-02-05

Updated: 2017-08-29

Risk Information

CVSS v2

Base Score: 4

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical