Description
PicketBox, as used in Red Hat JBoss Enterprise Application Platform before 6.1.1, allows local users to obtain the admin encryption key by reading the Vault data file.
Remediation
References
https://bugzilla.redhat.com/show_bug.cgi?id=948106
http://rhn.redhat.com/errata/RHSA-2013-1207.html
http://rhn.redhat.com/errata/RHSA-2013-1208.html
http://rhn.redhat.com/errata/RHSA-2013-1209.html
http://rhn.redhat.com/errata/RHSA-2013-1437.html
http://rhn.redhat.com/errata/RHSA-2014-0029.html