Description

PicketBox, as used in Red Hat JBoss Enterprise Application Platform before 6.1.1, allows local users to obtain the admin encryption key by reading the Vault data file.

Remediation

References

http://rhn.redhat.com/errata/RHSA-2013-1207.html

http://rhn.redhat.com/errata/RHSA-2013-1208.html

http://rhn.redhat.com/errata/RHSA-2013-1209.html

http://rhn.redhat.com/errata/RHSA-2013-1437.html

http://rhn.redhat.com/errata/RHSA-2014-0029.html

https://bugzilla.redhat.com/show_bug.cgi?id=948106

Related Vulnerabilities

CVE-2016-6637 Vulnerability in maven package org.cloudfoundry.identity:cloudfoundry-identity-server

CVE-2023-50722 Vulnerability in maven package org.xwiki.platform:xwiki-platform-administration-ui

CVE-2023-45648 Vulnerability in maven package org.apache.tomcat:tomcat

CVE-2019-10430 Vulnerability in maven package io.jenkins.plugins:neuvector-vulnerability-scanner

CVE-2021-30179 Vulnerability in maven package org.apache.dubbo:dubbo

Severity

Critical

Classification

CWE-310

Tags

Vendor Advisory