Description
The SecurityAssociation.getCredential method in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 returns the credentials of the previous user when a security context is not provided, which allows remote attackers to gain privileges as other users.