Description

PicketBox, as used in Red Hat JBoss Enterprise Application Platform before 6.1.1, allows local users to obtain the admin encryption key by reading the Vault data file.

Remediation

References

http://rhn.redhat.com/errata/RHSA-2013-1207.html

http://rhn.redhat.com/errata/RHSA-2013-1208.html

http://rhn.redhat.com/errata/RHSA-2013-1209.html

http://rhn.redhat.com/errata/RHSA-2013-1437.html

http://rhn.redhat.com/errata/RHSA-2014-0029.html

https://bugzilla.redhat.com/show_bug.cgi?id=948106

Related Vulnerabilities

CVE-2022-22950 Vulnerability in maven package org.springframework:spring-core

CVE-2023-44487 Vulnerability in maven package io.netty:netty-codec-http2

CVE-2018-6341 Vulnerability in maven package org.webjars.npm:svelte

CVE-2020-1936 Vulnerability in maven package org.apache.ambari:ambari-web

CVE-2021-32729 Vulnerability in maven package org.xwiki.platform:xwiki-platform-security-authentication-script

Severity

Critical

Classification

CWE-310

Tags

Vendor Advisory