Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Jboss EAP Permissions Privileges and Access Controls Vulnerability - CVE-2012-3370 - Vulnerability Database
Jboss EAP

Jboss EAP Permissions Privileges and Access Controls Vulnerability - CVE-2012-3370

Medium
Reference: CVE-2012-3370
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2012-3370
Title: Jboss EAP Permissions Privileges and Access Controls Vulnerability
Overview:

The SecurityAssociation.getCredential method in JBoss Enterprise Application Platform (EAP) before 5.2.0 Web Platform (EWP) before 5.2.0 BRMS Platform before 5.3.1 and SOA Platform before 5.3.1 returns the credentials of the previous user when a security context is not provided which allows remote attackers to gain privileges as other users.