Medium severity5.9NVD Advisory· Published Sep 19, 2017· Updated May 13, 2026

CVE-2015-1849

Description

AdvancedLdapLodinMogule in Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.1 allows attackers to obtain sensitive information via vectors involving logging the LDAP bind credential password when TRACE logging is enabled.

Affected products

Red Hat/Jboss Enterprise Application Platform
cpe:2.3:a:redhat:jboss_enterprise_application_platform:*:*:*:*:*:*:*:*
Range: <=6.4.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

bugzilla.redhat.com/show_bug.cginvdExploitIssue TrackingThird Party Advisory
bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party Advisory
github.com/wildfly-security/jboss-negotiation/commit/0dc9d191b6eb1d13b8f0189c5b02ba6576f4722envdThird Party Advisory
github.com/wildfly-security/jboss-negotiation/pull/21nvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.384
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000