Description
The CallerIdentityLoginModule in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 allows remote attackers to gain privileges of the previous user via a null password, which causes the previous user's password to be used.
Remediation
References