| Max CVSS | 7.5 | Min CVSS | 2.1 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2009-5066 | 2.1 |
twiddle.sh in JBoss AS 5.0 and EAP 5.0 and earlier accepts credentials as command-line arguments, which allows local users to read the credentials by listing the process and its arguments.
|
14-02-2024 - 01:17 | 13-08-2012 - 20:55 | |
| CVE-2012-0874 | 6.8 |
The (1) JMXInvokerHAServlet and (2) EJBInvokerHAServlet invoker servlets in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 do not require authentica
|
13-02-2023 - 04:32 | 05-02-2013 - 23:55 | |
| CVE-2012-5629 | 7.5 |
The default configuration of the (1) LdapLoginModule and (2) LdapExtLoginModule modules in JBoss Enterprise Application Platform (EAP) 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform (EWP) 5.2.0 allow remote attackers to bypass authenticati
|
13-02-2023 - 00:26 | 12-03-2013 - 23:55 | |
| CVE-2012-5478 | 4.9 |
The AuthorizationInterceptor in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 does not properly restrict access, which allows remote authenticated
|
29-08-2017 - 01:32 | 05-02-2013 - 23:55 | |
| CVE-2012-3370 | 5.8 |
The SecurityAssociation.getCredential method in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 returns the credentials of the previous user when a s
|
29-08-2017 - 01:31 | 05-02-2013 - 23:55 | |
| CVE-2012-3369 | 4.0 |
The CallerIdentityLoginModule in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 allows remote attackers to gain privileges of the previous user via
|
29-08-2017 - 01:31 | 05-02-2013 - 23:55 | |
| CVE-2011-2730 | 7.5 |
VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language (EL), evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via
|
09-08-2017 - 01:29 | 05-12-2012 - 17:55 | |
| CVE-2012-5370 | 5.0 |
JRuby computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a h
|
18-01-2015 - 02:59 | 28-11-2012 - 13:03 | |
| CVE-2012-0034 | 2.1 |
The NonManagedConnectionFactory in JBoss Enterprise Application Platform (EAP) 5.1.2 and 5.2.0, Web Platform (EWP) 5.1.2 and 5.2.0, and BRMS Platform before 5.3.1 logs the username and password in cleartext when an exception is thrown, which allows l
|
18-01-2015 - 02:59 | 05-02-2013 - 23:55 |