Description

PicketBox, as used in Red Hat JBoss Enterprise Application Platform before 6.1.1, allows local users to obtain the admin encryption key by reading the Vault data file.

Remediation

References

http://rhn.redhat.com/errata/RHSA-2013-1207.html

http://rhn.redhat.com/errata/RHSA-2013-1208.html

http://rhn.redhat.com/errata/RHSA-2013-1209.html

http://rhn.redhat.com/errata/RHSA-2013-1437.html

http://rhn.redhat.com/errata/RHSA-2014-0029.html

https://bugzilla.redhat.com/show_bug.cgi?id=948106

Related Vulnerabilities

CVE-2018-6874 Vulnerability in maven package org.webjars.bower:auth0-lock

CVE-2011-2732 Vulnerability in maven package org.springframework.security:spring-security-core

CVE-2022-36887 Vulnerability in maven package org.jenkins-ci.plugins:jobconfighistory

CVE-2017-1000034 Vulnerability in maven package com.typesafe.akka:akka-actor_2.12

CVE-2017-5929 Vulnerability in maven package ch.qos.logback:logback-core

Severity

Critical

Classification

CWE-310

Tags

Vendor Advisory