Description

PicketBox, as used in Red Hat JBoss Enterprise Application Platform before 6.1.1, allows local users to obtain the admin encryption key by reading the Vault data file.

Remediation

References

http://rhn.redhat.com/errata/RHSA-2013-1207.html

http://rhn.redhat.com/errata/RHSA-2013-1208.html

http://rhn.redhat.com/errata/RHSA-2013-1209.html

http://rhn.redhat.com/errata/RHSA-2013-1437.html

http://rhn.redhat.com/errata/RHSA-2014-0029.html

https://bugzilla.redhat.com/show_bug.cgi?id=948106

Related Vulnerabilities

CVE-2011-5062 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core

CVE-2023-30846 Vulnerability in npm package typed-rest-client

CVE-2022-41233 Vulnerability in maven package org.jenkins-ci.plugins:rundeck

CVE-2021-45029 Vulnerability in maven package org.apache.shenyu:shenyu-common

CVE-2019-1003052 Vulnerability in maven package org.jenkins-ci.plugins:aws-beanstalk-publisher-plugin

Severity

Critical

Classification

CWE-310

Tags

Vendor Advisory