Description

PicketBox, as used in Red Hat JBoss Enterprise Application Platform before 6.1.1, allows local users to obtain the admin encryption key by reading the Vault data file.

Remediation

References

http://rhn.redhat.com/errata/RHSA-2013-1207.html

http://rhn.redhat.com/errata/RHSA-2013-1208.html

http://rhn.redhat.com/errata/RHSA-2013-1209.html

http://rhn.redhat.com/errata/RHSA-2013-1437.html

http://rhn.redhat.com/errata/RHSA-2014-0029.html

https://bugzilla.redhat.com/show_bug.cgi?id=948106

Related Vulnerabilities

CVE-2022-34187 Vulnerability in maven package aendter.jenkins.plugins:filesystem-list-parameter-plugin

CVE-2020-11990 Vulnerability in npm package cordova-plugin-camera

CVE-2018-1000603 Vulnerability in maven package org.jenkins-ci.plugins:openstack-cloud

CVE-2015-0266 Vulnerability in maven package org.apache.ranger:ranger

CVE-2020-1961 Vulnerability in maven package org.apache.syncope.core:syncope-core-provisioning-java

Severity

Critical

Classification

CWE-310

Tags

Vendor Advisory