CVE-2012-3428
20.12.2012, 12:02
The IronJacamar container before 1.0.12.Final for JBoss Application Server, when allow-multiple-users is enabled in conjunction with a security domain, does not use the credentials supplied in a getConnection function call, which allows remote attackers to obtain access to an arbitrary datasource connection in opportunistic circumstances via an invalid connection attempt.Enginsight
| Vendor | Product | Version |
|---|---|---|
| jboss | ironjacamar | 𝑥 ≤ 1.0.11 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References