Description
The GUI installer in JBoss Enterprise Application Platform (EAP) and Enterprise Web Platform (EWP) 5.2.0 and possibly 5.1.2 uses world-readable permissions for the auto-install XML file, which allows local users to obtain the administrator password and the sucker password by reading this file.
Remediation
References