Unrated severityNVD Advisory· Published Feb 5, 2013· Updated Apr 29, 2026
CVE-2012-3370
CVE-2012-3370
Description
The SecurityAssociation.getCredential method in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 returns the credentials of the previous user when a security context is not provided, which allows remote attackers to gain privileges as other users.
Affected products
3- cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_brms_platform:*:*:*:*:*:*:*:*Range: <=5.3.0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
17- rhn.redhat.com/errata/RHSA-2013-0191.htmlnvdVendor Advisory
- rhn.redhat.com/errata/RHSA-2013-0192.htmlnvdVendor Advisory
- rhn.redhat.com/errata/RHSA-2013-0193.htmlnvdVendor Advisory
- rhn.redhat.com/errata/RHSA-2013-0194.htmlnvdVendor Advisory
- rhn.redhat.com/errata/RHSA-2013-0195.htmlnvdVendor Advisory
- rhn.redhat.com/errata/RHSA-2013-0196.htmlnvdVendor Advisory
- rhn.redhat.com/errata/RHSA-2013-0197.htmlnvdVendor Advisory
- rhn.redhat.com/errata/RHSA-2013-0198.htmlnvdVendor Advisory
- rhn.redhat.com/errata/RHSA-2013-0221.htmlnvdVendor Advisory
- secunia.com/advisories/51984nvdVendor Advisory
- secunia.com/advisories/52054nvdVendor Advisory
- rhn.redhat.com/errata/RHSA-2013-0533.htmlnvd
- securitytracker.com/idnvd
- www.osvdb.org/89581nvd
- www.securityfocus.com/bid/57550nvd
- bugzilla.redhat.com/bugzilla/show_bug.cginvd
- exchange.xforce.ibmcloud.com/vulnerabilities/81513nvd
News mentions
0No linked articles in our index yet.