Description
PicketBox, as used in Red Hat JBoss Enterprise Application Platform before 6.1.1, allows local users to obtain the admin encryption key by reading the Vault data file.
Remediation
References
https://bugzilla.redhat.com/show_bug.cgi?id=948106
http://rhn.redhat.com/errata/RHSA-2013-1207.html
http://rhn.redhat.com/errata/RHSA-2013-1208.html
http://rhn.redhat.com/errata/RHSA-2013-1209.html
http://rhn.redhat.com/errata/RHSA-2013-1437.html
http://rhn.redhat.com/errata/RHSA-2014-0029.html