Description
PicketBox, as used in Red Hat JBoss Enterprise Application Platform before 6.1.1, allows local users to obtain the admin encryption key by reading the Vault data file.
Remediation
References
Related Vulnerabilities
Cherokee NULL Pointer Dereference Vulnerability (CVE-2020-12845)
IBMHttpServer Untrusted Pointer Dereference Vulnerability (CVE-2026-8835)
Liferay Portal Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2025-62252)
Plone CMS URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2017-1000481)