Unrated severityNVD Advisory· Published Nov 23, 2012· Updated Apr 29, 2026

CVE-2012-3431

Description

The Teiid Java Database Connectivity (JDBC) socket, as used in JBoss Enterprise Data Services Platform before 5.3.0, does not encrypt login messages by default contrary to documentation and specification, which allows remote attackers to obtain login credentials via a man-in-the-middle (MITM) attack.

Affected products

Red Hat/Jboss Enterprise Data Services Platform2 versions
cpe:2.3:a:redhat:jboss_enterprise_data_services_platform:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:redhat:jboss_enterprise_data_services_platform:*:*:*:*:*:*:*:*range: <=5.2.0
- cpe:2.3:a:redhat:jboss_enterprise_data_services_platform:5.1.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

rhn.redhat.com/errata/RHSA-2012-1301.htmlnvdVendor Advisory
www.securityfocus.com/bid/55634nvd
bugzilla.redhat.com/show_bug.cginvd
exchange.xforce.ibmcloud.com/vulnerabilities/78803nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000