Description

PicketBox, as used in Red Hat JBoss Enterprise Application Platform before 6.1.1, allows local users to obtain the admin encryption key by reading the Vault data file.

Remediation

References

http://rhn.redhat.com/errata/RHSA-2013-1207.html

http://rhn.redhat.com/errata/RHSA-2013-1208.html

http://rhn.redhat.com/errata/RHSA-2013-1209.html

http://rhn.redhat.com/errata/RHSA-2013-1437.html

http://rhn.redhat.com/errata/RHSA-2014-0029.html

https://bugzilla.redhat.com/show_bug.cgi?id=948106

Related Vulnerabilities

CVE-2023-49799 Vulnerability in npm package nuxt-api-party

CVE-2021-21604 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2021-21347 Vulnerability in maven package com.thoughtworks.xstream:xstream

CVE-2023-43668 Vulnerability in maven package org.apache.inlong:manager-pojo

CVE-2020-27220 Vulnerability in maven package org.eclipse.hono:hono-adapter-amqp-vertx

Severity

Critical

Classification

CWE-310

Tags

Vendor Advisory