CVE-2012-3369
Summary
| CVE | CVE-2012-3369 |
|---|---|
| State | PUBLISHED |
| Assigner | redhat |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2013-02-05 23:55:01 UTC |
| Updated | 2026-04-29 01:13:23 UTC |
| Description | The CallerIdentityLoginModule in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 allows remote attackers to gain privileges of the previous user via a null password, which causes the previous user's password to be used. |
Risk And Classification
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
HighAuthentication
NoneConfidentiality
PartialIntegrity
PartialAvailability
NoneAV:N/AC:H/Au:N/C:P/I:P/A:N
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Redhat | Jboss Enterprise Application Platform | 5.2.0 | All | All | All |
| Application | Redhat | Jboss Enterprise Brms Platform | All | All | All | All |
| Application | Redhat | Jboss Enterprise Web Platform | 5.2.0 | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| JBoss Enterprise Application Platform CVE-2012-3369 Security Bypass Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| Red Hat Customer Portal | af854a3a-2127-422b-91ae-364da2661108 | rhn.redhat.com | Vendor Advisory |
| Security Advisory SA51984 - Red Hat update for JBoss Enterprise Application Platform and JBoss Enterprise Web Platform - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Vendor Advisory |
| Security Advisory SA52054 - Red Hat update for JBoss Enterprise BRMS Platform - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Vendor Advisory |
| JBoss Multiple Bugs Let Remote Users Execute Arbitrary Code, Hijack User Sessions or Credentials, and Gain Elevated Privileges - SecurityTracker | af854a3a-2127-422b-91ae-364da2661108 | securitytracker.com | |
| Red Hat Customer Portal | af854a3a-2127-422b-91ae-364da2661108 | rhn.redhat.com | Vendor Advisory |
| Red Hat Customer Portal | af854a3a-2127-422b-91ae-364da2661108 | rhn.redhat.com | Vendor Advisory |
| Red Hat Customer Portal | af854a3a-2127-422b-91ae-364da2661108 | rhn.redhat.com | Vendor Advisory |
| Red Hat Customer Portal | af854a3a-2127-422b-91ae-364da2661108 | rhn.redhat.com | Vendor Advisory |
| Red Hat Customer Portal | af854a3a-2127-422b-91ae-364da2661108 | rhn.redhat.com | |
| Red Hat Customer Portal | af854a3a-2127-422b-91ae-364da2661108 | rhn.redhat.com | Vendor Advisory |
| Red Hat Customer Portal | af854a3a-2127-422b-91ae-364da2661108 | rhn.redhat.com | Vendor Advisory |
| Red Hat Customer Portal | af854a3a-2127-422b-91ae-364da2661108 | rhn.redhat.com | Vendor Advisory |
| IBM X-Force Exchange | af854a3a-2127-422b-91ae-364da2661108 | exchange.xforce.ibmcloud.com | |
| Red Hat Customer Portal | af854a3a-2127-422b-91ae-364da2661108 | rhn.redhat.com | Vendor Advisory |
| 836451 – (CVE-2012-3369) CVE-2012-3369 JBoss: CallerIdentityLoginModule retaining password from previous call if a null password is provided | af854a3a-2127-422b-91ae-364da2661108 | bugzilla.redhat.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.