VDB

CVE-2012-5629

CVE-2012-5629 PUBLISHED CVSS 7.5 HIGH

The default configuration of the (1) LdapLoginModule and (2) LdapExtLoginModule modules in JBoss Enterprise Application Platform (EAP) 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform (EWP) 5.2.0 allow remote attackers to bypass authentication via an empty password.

EPSS 0.79% · 74.2th percentile

Risk Scores

CVSS 2.0
7.5
EPSS Score
0.79%
74.2th percentile

Affected Products

VendorProductVersions
redhatjboss_enterprise_application_platform5.2.0, 6.0.1, 4.3.0
n/an/a*
redhatjboss_enterprise_web_platform5.2.0

Exploit Intelligence

Timeline

  • Mar 12, 2013 CVE Published
  • Feb 4, 2022 EPSS Score
  • Mar 29, 2022 EPSS Score
  • May 20, 2022 EPSS Score
  • Jul 12, 2022 EPSS Score
  • Sep 3, 2022 EPSS Score
  • Dec 18, 2022 EPSS Score
  • Feb 3, 2023 EPSS Score
  • Feb 8, 2023 EPSS Score
  • Feb 13, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Apr 2, 2023 EPSS Score

References

…and 4 more

Open in Interactive Console →
$ Console Community · 100/wk Open console ›