Description

The CallerIdentityLoginModule in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 allows remote attackers to gain privileges of the previous user via a null password, which causes the previous user's password to be used.

Remediation

References

CVE-2012-3369

Related Vulnerabilities

Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-3370)

osTicket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14750)

Internet Information Services Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2002-1700)

WordPress Plugin Magic Fields 2 Unspecified Vulnerability (2.3.2.2)

Zikula Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-6168)

Severity

Medium

Classification

CVE-2012-3369 CWE-264

Tags

Missing Update Known Vulnerabilities