VDB
RHSA-2012%3A0108
RHSA-2012%3A0108
PUBLISHED
CVSS 1 LOW
The NonManagedConnectionFactory in JBoss Enterprise Application Platform (EAP) 5.1.2 and 5.2.0, Web Platform (EWP) 5.1.2 and 5.2.0, and BRMS Platform before 5.3.1 logs the username and password in cleartext when an exception is thrown, which allows local users to obtain sensitive information by reading the log file.
Risk Scores
CVSS 2.0
1
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat JBoss Enterprise Application Platform 5.1 |
Timeline
- Feb 10, 2012 CVE Published
- Apr 29, 2026 Distribution Patch
- Apr 29, 2026 Distribution Patch
- Apr 29, 2026 Security Advisory
- Apr 29, 2026 Security Advisory
- May 14, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2012:0108 advisory
- https://access.redhat.com/security/updates/classification/#low advisory
- https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=securityPatches&version=5.1.2 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=772835 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2012/rhsa-2012_0108.json advisory
- https://access.redhat.com/security/cve/CVE-2012-0034 advisory
- https://www.cve.org/CVERecord?id=CVE-2012-0034 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2012-0034 advisory