Description
PicketBox, as used in Red Hat JBoss Enterprise Application Platform before 6.1.1, allows local users to obtain the admin encryption key by reading the Vault data file.
Remediation
References
http://rhn.redhat.com/errata/RHSA-2013-1207.html
http://rhn.redhat.com/errata/RHSA-2013-1208.html
http://rhn.redhat.com/errata/RHSA-2013-1209.html
http://rhn.redhat.com/errata/RHSA-2013-1437.html
http://rhn.redhat.com/errata/RHSA-2014-0029.html
https://bugzilla.redhat.com/show_bug.cgi?id=948106