Description

PicketBox, as used in Red Hat JBoss Enterprise Application Platform before 6.1.1, allows local users to obtain the admin encryption key by reading the Vault data file.

Remediation

References

http://rhn.redhat.com/errata/RHSA-2013-1207.html

http://rhn.redhat.com/errata/RHSA-2013-1208.html

http://rhn.redhat.com/errata/RHSA-2013-1209.html

http://rhn.redhat.com/errata/RHSA-2013-1437.html

http://rhn.redhat.com/errata/RHSA-2014-0029.html

https://bugzilla.redhat.com/show_bug.cgi?id=948106

Related Vulnerabilities

CVE-2015-5320 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2018-17195 Vulnerability in maven package org.apache.nifi:nifi-web-api

CVE-2019-10282 Vulnerability in maven package hudson.plugins.klaros:klaros-testmanagement

CVE-2014-3623 Vulnerability in maven package org.apache.wss4j:wss4j

CVE-2015-5170 Vulnerability in maven package org.cloudfoundry.identity:cloudfoundry-identity-login

Severity

Critical

Classification

CWE-310

Tags

Vendor Advisory