Vulnerability in Redhat Jboss_enterprise_application_platform
CVE-2012-0034
The NonManagedConnectionFactory in JBoss Enterprise Application Platform (EAP) 5.1.2 and 5.2.0, Web Platform (EWP) 5.1.2 and 5.2.0, and BRMS Platform before 5.3.1 logs the username and password in cleartext when an exception is thrown, whi…
EPSS: 0.001 (21.9th percentile) — read the EPSS interpretation.
Affected products
- Redhat Jboss_enterprise_application_platform — versions 5.1.2, 5.2.0
- Redhat Jboss_enterprise_brms_platform
- Redhat Jboss_enterprise_web_platform — versions 5.1.2, 5.2.0
- N/a — versions n/a
Weakness classification (CWE)
References
- 78259 (x_refsource_OSVDB, vdb-entry)
- secalert@redhat.com (x_refsource_MISC)
- RHSA-2013:0192 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
- RHSA-2013:0195 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
- RHSA-2013:0221 (x_refsource_REDHAT, vendor-advisory)
- RHSA-2013:0196 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
- secalert@redhat.com (x_refsource_CONFIRM)
- 51392 (vdb-entry, x_refsource_BID)
- RHSA-2012:1072 (x_refsource_REDHAT, vendor-advisory)
- RHSA-2013:0193 (x_refsource_REDHAT, vendor-advisory)