Description

PicketBox, as used in Red Hat JBoss Enterprise Application Platform before 6.1.1, allows local users to obtain the admin encryption key by reading the Vault data file.

Remediation

References

https://bugzilla.redhat.com/show_bug.cgi?id=948106

http://rhn.redhat.com/errata/RHSA-2013-1207.html

http://rhn.redhat.com/errata/RHSA-2013-1208.html

http://rhn.redhat.com/errata/RHSA-2013-1209.html

http://rhn.redhat.com/errata/RHSA-2013-1437.html

http://rhn.redhat.com/errata/RHSA-2014-0029.html

Related Vulnerabilities

CVE-2015-5175 Vulnerability in maven package org.apache.cxf.fediz:fediz-core

CVE-2019-10062 Vulnerability in npm package aurelia-framework

CVE-2020-2190 Vulnerability in maven package org.jenkins-ci.plugins:script-security

CVE-2010-1622 Vulnerability in maven package org.springframework:spring-beans

CVE-2020-7020 Vulnerability in maven package org.elasticsearch:elasticsearch

Severity

Critical

Classification

CWE-310

Tags

Vendor Advisory