Unrated severityNVD Advisory· Published Feb 5, 2013· Updated Apr 29, 2026
CVE-2012-0034
CVE-2012-0034
Description
The NonManagedConnectionFactory in JBoss Enterprise Application Platform (EAP) 5.1.2 and 5.2.0, Web Platform (EWP) 5.1.2 and 5.2.0, and BRMS Platform before 5.3.1 logs the username and password in cleartext when an exception is thrown, which allows local users to obtain sensitive information by reading the log file.
Affected products
5cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.1.2:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_brms_platform:*:*:*:*:*:*:*:*Range: <=5.3.0
cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.1.2:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.2.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
16- rhn.redhat.com/errata/RHSA-2012-0108.htmlnvdVendor Advisory
- rhn.redhat.com/errata/RHSA-2013-0192.htmlnvdVendor Advisory
- rhn.redhat.com/errata/RHSA-2013-0195.htmlnvdVendor Advisory
- rhn.redhat.com/errata/RHSA-2013-0196.htmlnvdVendor Advisory
- rhn.redhat.com/errata/RHSA-2013-0197.htmlnvdVendor Advisory
- secunia.com/advisories/51984nvdVendor Advisory
- secunia.com/advisories/52054nvdVendor Advisory
- rhn.redhat.com/errata/RHSA-2012-1072.htmlnvd
- rhn.redhat.com/errata/RHSA-2013-0191.htmlnvd
- rhn.redhat.com/errata/RHSA-2013-0193.htmlnvd
- rhn.redhat.com/errata/RHSA-2013-0221.htmlnvd
- rhn.redhat.com/errata/RHSA-2013-0533.htmlnvd
- www.osvdb.org/78259nvd
- www.securityfocus.com/bid/51392nvd
- bugzilla.redhat.com/show_bug.cginvd
- issues.jboss.org/browse/JBCACHE-1612nvd
News mentions
0No linked articles in our index yet.