CVE-2012-3369
Description
The CallerIdentityLoginModule in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 allows remote attackers to gain privileges of the previous user via a null password, which causes the previous users password to be used.
Risk Information
Base Score
4.2
MODERATE
Vector
AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
EPSS Score
Exploitation Probability
1.31
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 5.2.0 | Windows |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234