Description
JBoss SX and PicketBox, as used in Red Hat JBoss Enterprise Application Platform (EAP) before 6.2.3, use world-readable permissions on audit.log, which allows local users to obtain sensitive information by reading this file.
Remediation
References
Related Vulnerabilities
OpenVPN AS Improper Authentication Vulnerability (CVE-2020-8953)
WordPress Plugin Photo Gallery by Ays-Responsive Image Gallery SQL Injection (1.0.0)
PHP Deserialization of Untrusted Data Vulnerability (CVE-2018-19396)
WordPress Plugin YOP Poll Multiple Cross-Site Scripting Vulnerabilities (6.3.0)
WordPress Plugin The Plus Addons for Elementor Open Redirect (4.1.9)