The CallerIdentityLoginModule in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 allows remote attackers to gain privileges of the previous user via a null password, which causes the previous user's password to be used.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2013-02-05T23:11:00

Updated: 2024-08-06T20:05:11.869Z

Reserved: 2012-06-14T00:00:00

Link: CVE-2012-3369

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2013-02-05T23:55:01.427

Modified: 2024-11-21T01:40:43.470

Link: CVE-2012-3369

cve-icon Redhat

Severity : Low

Publid Date: 2013-01-24T00:00:00Z

Links: CVE-2012-3369 - Bugzilla