Description
PicketBox, as used in Red Hat JBoss Enterprise Application Platform before 6.1.1, allows local users to obtain the admin encryption key by reading the Vault data file.
Remediation
References
http://rhn.redhat.com/errata/RHSA-2013-1207.html
http://rhn.redhat.com/errata/RHSA-2013-1208.html
http://rhn.redhat.com/errata/RHSA-2013-1209.html
http://rhn.redhat.com/errata/RHSA-2013-1437.html
http://rhn.redhat.com/errata/RHSA-2014-0029.html
https://bugzilla.redhat.com/show_bug.cgi?id=948106
Related Vulnerabilities
CVE-2018-1259 Vulnerability in maven package org.xmlbeam:xmlprojector
CVE-2014-9635 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2020-2228 Vulnerability in maven package org.jenkins-ci.plugins:gitlab-oauth
CVE-2016-2175 Vulnerability in maven package org.apache.pdfbox:preflight-app
CVE-2018-17192 Vulnerability in maven package org.apache.nifi:nifi-jetty-bundle