Description
The GUI installer in JBoss Enterprise Application Platform (EAP) and Enterprise Web Platform (EWP) 5.2.0 and possibly 5.1.2 uses world-readable permissions for the auto-install XML file, which allows local users to obtain the administrator password and the sucker password by reading this file.