RSS   Vulnerabilities for 'Ironjacamar'   RSS

2012-12-20
 
CVE-2012-3428

CWE-255
 
 
The IronJacamar container before 1.0.12.Final for JBoss Application Server, when allow-multiple-users is enabled in conjunction with a security domain, does not use the credentials supplied in a getConnection function call, which allows remote attackers to obtain access to an arbitrary datasource connection in opportunistic circumstances via an invalid connection attempt.

 

 >>> Vendor: Jboss 10 Products
Jboss
JBPM
Jboss application server
SEAM
Enterprise application platform
Ironjacamar
Jboss enterprise application server
Red hat jboss data virtualization
Teiid
Jboss-remoting

Copyright 2024, cxsecurity.com

 

Back to Top