Description
PicketBox, as used in Red Hat JBoss Enterprise Application Platform before 6.1.1, allows local users to obtain the admin encryption key by reading the Vault data file.
Remediation
References
http://rhn.redhat.com/errata/RHSA-2013-1207.html
http://rhn.redhat.com/errata/RHSA-2013-1208.html
http://rhn.redhat.com/errata/RHSA-2013-1209.html
http://rhn.redhat.com/errata/RHSA-2013-1437.html
http://rhn.redhat.com/errata/RHSA-2014-0029.html
https://bugzilla.redhat.com/show_bug.cgi?id=948106
Related Vulnerabilities
CVE-2018-1000195 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2023-49380 Vulnerability in maven package com.jfinal:jfinal
CVE-2024-4367 Vulnerability in maven package org.webjars.npm:pdfjs-dist
CVE-2013-2067 Vulnerability in maven package org.apache.tomcat:catalina
CVE-2020-11022 Vulnerability in maven package org.webjars.bower:jquery