CVE-2012-3370
Summary
| CVE | CVE-2012-3370 |
|---|---|
| State | PUBLISHED |
| Assigner | redhat |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2013-02-05 23:55:01 UTC |
| Updated | 2026-04-29 01:13:23 UTC |
| Description | The SecurityAssociation.getCredential method in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 returns the credentials of the previous user when a security context is not provided, which allows remote attackers to gain privileges as other users. |
Risk And Classification
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
MediumAuthentication
NoneConfidentiality
PartialIntegrity
PartialAvailability
NoneAV:N/AC:M/Au:N/C:P/I:P/A:N
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Redhat | Jboss Enterprise Application Platform | 5.2.0 | All | All | All |
| Application | Redhat | Jboss Enterprise Brms Platform | All | All | All | All |
| Application | Redhat | Jboss Enterprise Web Platform | 5.2.0 | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Red Hat Customer Portal | af854a3a-2127-422b-91ae-364da2661108 | rhn.redhat.com | Vendor Advisory |
| Security Advisory SA51984 - Red Hat update for JBoss Enterprise Application Platform and JBoss Enterprise Web Platform - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Vendor Advisory |
| Security Advisory SA52054 - Red Hat update for JBoss Enterprise BRMS Platform - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Vendor Advisory |
| JBoss Multiple Bugs Let Remote Users Execute Arbitrary Code, Hijack User Sessions or Credentials, and Gain Elevated Privileges - SecurityTracker | af854a3a-2127-422b-91ae-364da2661108 | securitytracker.com | |
| Red Hat Customer Portal | af854a3a-2127-422b-91ae-364da2661108 | rhn.redhat.com | Vendor Advisory |
| Red Hat Customer Portal | af854a3a-2127-422b-91ae-364da2661108 | rhn.redhat.com | Vendor Advisory |
| 836456 – (CVE-2012-3370) CVE-2012-3370 JBoss: SecurityAssociation.getCredential() will return the previous credential if no security context is provided | af854a3a-2127-422b-91ae-364da2661108 | bugzilla.redhat.com | |
| Red Hat Customer Portal | af854a3a-2127-422b-91ae-364da2661108 | rhn.redhat.com | Vendor Advisory |
| Red Hat Customer Portal | af854a3a-2127-422b-91ae-364da2661108 | rhn.redhat.com | Vendor Advisory |
| JBoss Enterprise Application Platform CVE-2012-3370 Security Bypass Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| Red Hat Customer Portal | af854a3a-2127-422b-91ae-364da2661108 | rhn.redhat.com | |
| Red Hat Customer Portal | af854a3a-2127-422b-91ae-364da2661108 | rhn.redhat.com | Vendor Advisory |
| Red Hat Customer Portal | af854a3a-2127-422b-91ae-364da2661108 | rhn.redhat.com | Vendor Advisory |
| Red Hat Customer Portal | af854a3a-2127-422b-91ae-364da2661108 | rhn.redhat.com | Vendor Advisory |
| IBM X-Force Exchange | af854a3a-2127-422b-91ae-364da2661108 | exchange.xforce.ibmcloud.com | |
| www.osvdb.org/89581 | af854a3a-2127-422b-91ae-364da2661108 | www.osvdb.org | |
| Red Hat Customer Portal | af854a3a-2127-422b-91ae-364da2661108 | rhn.redhat.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.