Description
PicketBox, as used in Red Hat JBoss Enterprise Application Platform before 6.1.1, allows local users to obtain the admin encryption key by reading the Vault data file.
Remediation
References
http://rhn.redhat.com/errata/RHSA-2013-1207.html
http://rhn.redhat.com/errata/RHSA-2013-1208.html
http://rhn.redhat.com/errata/RHSA-2013-1209.html
http://rhn.redhat.com/errata/RHSA-2013-1437.html
http://rhn.redhat.com/errata/RHSA-2014-0029.html
https://bugzilla.redhat.com/show_bug.cgi?id=948106