Description

The NonManagedConnectionFactory in JBoss Enterprise Application Platform (EAP) 5.1.2 and 5.2.0, Web Platform (EWP) 5.1.2 and 5.2.0, and BRMS Platform before 5.3.1 logs the username and password in cleartext when an exception is thrown, which allows local users to obtain sensitive information by reading the log file.

Remediation

References

CVE-2012-0034

Related Vulnerabilities

WordPress Plugin Tutor LMS-eLearning and online course solution Security Bypass (2.6.2)

XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-29209)

WordPress Plugin WooCommerce BuddyPress Integration Security Bypass (3.2.5)

WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-16223)

WordPress Same Origin Method Execution (SOME) Vulnerability (0.70 - 3.7.13)

Severity

Low

Classification

CVE-2012-0034

Tags

Missing Update Known Vulnerabilities