Description

PicketBox, as used in Red Hat JBoss Enterprise Application Platform before 6.1.1, allows local users to obtain the admin encryption key by reading the Vault data file.

Remediation

References

http://rhn.redhat.com/errata/RHSA-2013-1207.html

http://rhn.redhat.com/errata/RHSA-2013-1208.html

http://rhn.redhat.com/errata/RHSA-2013-1209.html

http://rhn.redhat.com/errata/RHSA-2013-1437.html

http://rhn.redhat.com/errata/RHSA-2014-0029.html

https://bugzilla.redhat.com/show_bug.cgi?id=948106

Related Vulnerabilities

CVE-2020-6451 Vulnerability in maven package org.webjars.npm:electron

CVE-2022-25168 Vulnerability in maven package org.apache.hadoop:hadoop-common

CVE-2014-0073 Vulnerability in npm package cordova-plugin-inappbrowser

CVE-2015-1840 Vulnerability in npm package jquery-ujs

CVE-2023-35088 Vulnerability in maven package org.apache.inlong:manager-service

Severity

Critical

Classification

CWE-310

Tags

Vendor Advisory