Description

PicketBox, as used in Red Hat JBoss Enterprise Application Platform before 6.1.1, allows local users to obtain the admin encryption key by reading the Vault data file.

Remediation

References

http://rhn.redhat.com/errata/RHSA-2013-1207.html

http://rhn.redhat.com/errata/RHSA-2013-1208.html

http://rhn.redhat.com/errata/RHSA-2013-1209.html

http://rhn.redhat.com/errata/RHSA-2013-1437.html

http://rhn.redhat.com/errata/RHSA-2014-0029.html

https://bugzilla.redhat.com/show_bug.cgi?id=948106

Related Vulnerabilities

CVE-2018-10237 Vulnerability in maven package com.google.guava:guava

CVE-2018-12545 Vulnerability in maven package org.eclipse.jetty.http2:http2-common

CVE-2009-0580 Vulnerability in maven package org.apache.tomcat:catalina

CVE-2023-29528 Vulnerability in maven package org.xwiki.commons:xwiki-commons-xml

CVE-2024-4367 Vulnerability in maven package org.webjars.bowergithub.mozilla:pdfjs-dist

Severity

Critical

Classification

CWE-310

Tags

Vendor Advisory