CVE-2012-3428

Aliases:GHSA-ppg2-ww3w-hq84

Advisory lineage Upstream: 0 Downstream: 2

Downstream

RHSA-2012:1591 RHSA-2012:1592

Modified

Published: 20 Dec 2012, 11:00

Last modified:06 Aug 2024, 20:05

Vulnerability Summary

Overall Risk (default)

low

17/100

CVSS Score

4.3 MEDIUM

v2.0 (nvd)

EPSS Score

0.55% LOW

1% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

20 Dec 2012, 11:00

Published

Vulnerability first disclosed

06 Aug 2024, 20:05

Last Modified

Vulnerability information updated

Description

The IronJacamar container before 1.0.12.Final for JBoss Application Server, when allow-multiple-users is enabled in conjunction with a security domain, does not use the credentials supplied in a getConnection function call, which allows remote attackers to obtain access to an arbitrary datasource connection in opportunistic circumstances via an invalid connection attempt.

CVSS Metrics

v2.0•MEDIUM•Score: 4.3AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS Trends

Current EPSS score: 0.55%• Percentile: 68%

Techniques & Countermeasures

CWE-255•Credentials Management Errors
Weaknesses in this category are related to the management of credentials.

Affected Systems

jboss•ironjacamar
≤ 1.0.11
org.jboss.ironjacamar•ironjacamar-jdbc
< 1.0.12.Final