Moderate severityNVD Advisory· Published Dec 20, 2012· Updated Apr 29, 2026

CVE-2012-3428

Description

The IronJacamar container before 1.0.12.Final for JBoss Application Server, when allow-multiple-users is enabled in conjunction with a security domain, does not use the credentials supplied in a getConnection function call, which allows remote attackers to obtain access to an arbitrary datasource connection in opportunistic circumstances via an invalid connection attempt.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
org.jboss.ironjacamar:ironjacamar-jdbcMaven	< 1.0.12.Final	1.0.12.Final

Affected products

JBoss/Ironjacamar
cpe:2.3:a:jboss:ironjacamar:*:*:*:*:*:*:*:*
Range: <=1.0.11

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-ppg2-ww3w-hq84ghsaADVISORY
issues.jboss.org/browse/JBJCA-864nvdVendor AdvisoryWEB
nvd.nist.gov/vuln/detail/CVE-2012-3428ghsaADVISORY
rhn.redhat.com/errata/RHSA-2012-1591.htmlnvdWEB
rhn.redhat.com/errata/RHSA-2012-1592.htmlnvdWEB
rhn.redhat.com/errata/RHSA-2012-1594.htmlnvdWEB
secunia.com/advisories/51607nvdWEB
bugzilla.redhat.com/show_bug.cginvdWEB
issues.jboss.org/browse/JBPAPP-9584nvdWEB
issues.jboss.org/secure/ReleaseNote.jspanvdWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000