Description
PicketBox, as used in Red Hat JBoss Enterprise Application Platform before 6.1.1, allows local users to obtain the admin encryption key by reading the Vault data file.
Remediation
References
http://rhn.redhat.com/errata/RHSA-2013-1207.html
http://rhn.redhat.com/errata/RHSA-2013-1208.html
http://rhn.redhat.com/errata/RHSA-2013-1209.html
http://rhn.redhat.com/errata/RHSA-2013-1437.html
http://rhn.redhat.com/errata/RHSA-2014-0029.html
https://bugzilla.redhat.com/show_bug.cgi?id=948106