CVE-2012-3431

{"id": "CVE-2012-3431", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-11-23T20:55:02.960", "references": [{"url": "http://rhn.redhat.com/errata/RHSA-2012-1301.html", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/55634", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=843669", "source": "secalert@redhat.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78803", "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2012-1301.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/55634", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=843669", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78803", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-310"}]}], "descriptions": [{"lang": "en", "value": "The Teiid Java Database Connectivity (JDBC) socket, as used in JBoss Enterprise Data Services Platform before 5.3.0, does not encrypt login messages by default contrary to documentation and specification, which allows remote attackers to obtain login credentials via a man-in-the-middle (MITM) attack."}, {"lang": "es", "value": "El Teiid Java Database Connectivity (JDBC) socket, tal como se utiliza en JBoss Enterprise Data Services Platform anterior a v5.3.0, no cifra los mensajes de inicio de sesi\u00f3n por defecto contrariamente a la documentaci\u00f3n y especificaci\u00f3n, permitiendo a atacantes remotos obtener las credenciales de acceso a trav\u00e9s de una ataque (man-in-the-middle\" (MITM)."}], "lastModified": "2024-11-21T01:40:51.850", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:jboss_enterprise_data_services_platform:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "54B3643B-213F-40A2-B6AE-53EB32D0EBE5", "versionEndIncluding": "5.2.0"}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_data_services_platform:5.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "592A7607-1C74-48DC-BBF7-5F991C0D9D02"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}