Description

PicketBox, as used in Red Hat JBoss Enterprise Application Platform before 6.1.1, allows local users to obtain the admin encryption key by reading the Vault data file.

Remediation

References

http://rhn.redhat.com/errata/RHSA-2013-1207.html

http://rhn.redhat.com/errata/RHSA-2013-1208.html

http://rhn.redhat.com/errata/RHSA-2013-1209.html

http://rhn.redhat.com/errata/RHSA-2013-1437.html

http://rhn.redhat.com/errata/RHSA-2014-0029.html

https://bugzilla.redhat.com/show_bug.cgi?id=948106

Related Vulnerabilities

CVE-2012-6662 Vulnerability in maven package org.fujion.webjars:jquery-ui

CVE-2022-41930 Vulnerability in maven package org.xwiki.platform:xwiki-platform-user-profile-ui

CVE-2012-0803 Vulnerability in maven package org.apache.cxf:cxf-rt-ws-security

CVE-2022-1438 Vulnerability in maven package org.keycloak:keycloak-services

CVE-2019-5786 Vulnerability in npm package puppeteer

Severity

Critical

Classification

CWE-310

Tags

Vendor Advisory