CVE-2012-3431

Published: Nov 23, 2012Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

The Teiid Java Database Connectivity (JDBC) socket, as used in JBoss Enterprise Data Services Platform before 5.3.0, does not encrypt login messages by default contrary to documentation and specification, which allows remote attackers to obtain login credentials via a man-in-the-middle (MITM) attack.

Affected (2)

Products: Redhat: Jboss Enterprise Data Services Platform

1 product

Jboss Enterprise Data Services Platform

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Redhat Jboss Enterprise Data Services Platform	Up to 5.2.0
Redhat Jboss Enterprise Data Services Platform	Version 5.1.0

Related CWEs

References (8)

http://rhn.redhat.com/errata/RHSA-2012-1301.html

Source: secalert@redhat.com

Vendor Advisory

http://www.securityfocus.com/bid/55634

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=843669

Source: secalert@redhat.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/78803

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2012-1301.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/55634

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=843669

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/78803

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.