Main Vulnerability Database Vulnerabilities #VU42525

Cryptographic issues in JBoss Enterprise Application Platform - CVE-2013-1921

Published: September 28, 2013 / Updated: August 10, 2020

Vulnerability identifier: #VU42525

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2013-1921

CWE-ID: CWE-310

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Red Hat Inc.

Affected software:
JBoss Enterprise Application Platform

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

PicketBox, as used in Red Hat JBoss Enterprise Application Platform before 6.1.1, allows local users to obtain the admin encryption key by reading the Vault data file.

How to mitigate CVE-2013-1921

Install update from vendor's website.

Sources

http://rhn.redhat.com/errata/RHSA-2013-1207.html
http://rhn.redhat.com/errata/RHSA-2013-1208.html
http://rhn.redhat.com/errata/RHSA-2013-1209.html
http://rhn.redhat.com/errata/RHSA-2013-1437.html
http://rhn.redhat.com/errata/RHSA-2014-0029.html
https://bugzilla.redhat.com/show_bug.cgi?id=948106

Cryptographic issues in JBoss Enterprise Application Platform - CVE-2013-1921

Detailed vulnerability description

How to mitigate CVE-2013-1921

Sources

Please verify you're human