- Description
- The security audit functionality in Red Hat JBoss Enterprise Application Platform (EAP) 6.x before 6.2.1 logs request parameters in plaintext, which might allow local users to obtain passwords by reading the log files.
- Source
- secalert@redhat.com
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 1.9
- Impact score
- 2.9
- Exploitability score
- 3.4
- Vector string
- AV:L/AC:M/Au:N/C:P/I:N/A:N
- nvd@nist.gov
- CWE-310
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B142ACCC-F7A9-4A3B-BE60-0D6691D5058D"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6F94D102-60EA-4C47-9A39-DAE4704044DD"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AF680478-162A-4F7B-B9BA-C407FA3C0EEE"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "82B6C055-25E2-4C78-ACA7-D722848BDBC4"
}
],
"operator": "OR"
}
]
}
]