Description

The SecurityAssociation.getCredential method in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 returns the credentials of the previous user when a security context is not provided, which allows remote attackers to gain privileges as other users.

Remediation

References

CVE-2012-3370

Related Vulnerabilities

WordPress Plugin Nokia Maps & Places Cross-Site Scripting (1.6.6)

Serendipity Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-9681)

MySQL CVE-2021-35602 Vulnerability (CVE-2021-35602)

WordPress Plugin Responsive Slider-Image Slider-Slideshow for WordPress Unspecified Vulnerability (3.0.8)

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-33326)

Severity

Medium

Classification

CVE-2012-3370 CWE-264

Tags

Missing Update Known Vulnerabilities