Description

The CallerIdentityLoginModule in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 allows remote attackers to gain privileges of the previous user via a null password, which causes the previous user's password to be used.

Remediation

References

CVE-2012-3369

Related Vulnerabilities

WordPress Plugin Traffic Manager Multiple Vulnerabilities (1.4.5)

PHP Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2008-2666)

MySQL CVE-2021-35625 Vulnerability (CVE-2021-35625)

WordPress Plugin Super Store Finder for WordPress (Google Maps Store Locator) SQL Injection (6.3)

WordPress Plugin iFlyChat-WordPress Chat Cross-Site Scripting (4.6.4)

Severity

Medium

Classification

CVE-2012-3369 CWE-264

Tags

Missing Update Known Vulnerabilities