The SecurityAssociation.getCredential method in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 returns the credentials of the previous user when a security context is not provided, which allows remote attackers to gain privileges as other users.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2013-02-05T23:11:00

Updated: 2024-08-06T20:05:12.102Z

Reserved: 2012-06-14T00:00:00

Link: CVE-2012-3370

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2013-02-05T23:55:01.490

Modified: 2024-11-21T01:40:43.623

Link: CVE-2012-3370

cve-icon Redhat

Severity : Moderate

Publid Date: 2013-01-24T00:00:00Z

Links: CVE-2012-3370 - Bugzilla