Description
PicketBox, as used in Red Hat JBoss Enterprise Application Platform before 6.1.1, allows local users to obtain the admin encryption key by reading the Vault data file.
Remediation
References
https://bugzilla.redhat.com/show_bug.cgi?id=948106
http://rhn.redhat.com/errata/RHSA-2013-1207.html
http://rhn.redhat.com/errata/RHSA-2013-1208.html
http://rhn.redhat.com/errata/RHSA-2013-1209.html
http://rhn.redhat.com/errata/RHSA-2013-1437.html
http://rhn.redhat.com/errata/RHSA-2014-0029.html