CVE-2013-1921

low

Description

PicketBox, as used in Red Hat JBoss Enterprise Application Platform before 6.1.1, allows local users to obtain the admin encryption key by reading the Vault data file.

References

https://bugzilla.redhat.com/show_bug.cgi?id=948106

http://rhn.redhat.com/errata/RHSA-2014-0029.html

http://rhn.redhat.com/errata/RHSA-2013-1437.html

http://rhn.redhat.com/errata/RHSA-2013-1209.html

http://rhn.redhat.com/errata/RHSA-2013-1208.html

http://rhn.redhat.com/errata/RHSA-2013-1207.html

Details

Source: Mitre, NVD

Published: 2013-09-28

Updated: 2025-04-11

Risk Information

CVSS v2

Base Score: 1.9

Vector: CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 3.3

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Severity: Low

EPSS

EPSS: 0.00039

Detections

Analytics