CVE-2013-1921
First published: Thu Apr 04 2013(Updated: )
PicketBox, as used in Red Hat JBoss Enterprise Application Platform before 6.1.1, allows local users to obtain the admin encryption key by reading the Vault data file.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| JBoss Enterprise Application Platform | <=6.1.0 | |
| JBoss Enterprise Application Platform | =4.2.0 | |
| JBoss Enterprise Application Platform | =4.3.0 | |
| JBoss Enterprise Application Platform | =5.0.0 | |
| JBoss Enterprise Application Platform | =5.0.1 | |
| JBoss Enterprise Application Platform | =5.1.0 | |
| JBoss Enterprise Application Platform | =5.1.1 | |
| JBoss Enterprise Application Platform | =5.1.2 | |
| JBoss Enterprise Application Platform | =5.2.0 | |
| JBoss Enterprise Application Platform | =5.2.1 | |
| JBoss Enterprise Application Platform | =5.2.2 | |
| JBoss Enterprise Application Platform | =6.0.0 | |
| JBoss Enterprise Application Platform | =6.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://rhn.redhat.com/errata/RHSA-2013-1209.html
- https://rhn.redhat.com/errata/RHSA-2013-1208.html
- https://rhn.redhat.com/errata/RHSA-2013-1207.html
- https://rhn.redhat.com/errata/RHSA-2013-1437.html
- https://rhn.redhat.com/errata/RHSA-2014-0029.html
- https://bugzilla.redhat.com/show_bug.cgi?id=948106
- http://rhn.redhat.com/errata/RHSA-2013-1207.html
- http://rhn.redhat.com/errata/RHSA-2013-1208.html
- http://rhn.redhat.com/errata/RHSA-2013-1209.html
- http://rhn.redhat.com/errata/RHSA-2013-1437.html
- http://rhn.redhat.com/errata/RHSA-2014-0029.html
Frequently Asked Questions
What is the severity of CVE-2013-1921?
CVE-2013-1921 is considered a high severity vulnerability due to its potential to expose sensitive admin encryption keys.
How do I fix CVE-2013-1921?
To fix CVE-2013-1921, upgrade to a version of Red Hat JBoss Enterprise Application Platform that is patched and not affected by this vulnerability.
Which versions of JBoss are affected by CVE-2013-1921?
CVE-2013-1921 affects Red Hat JBoss Enterprise Application Platform versions up to 6.1.0 and certain specified earlier versions.
What is the impact of CVE-2013-1921?
The impact of CVE-2013-1921 includes unauthorized access to the admin encryption key, allowing local users to potentially compromise encrypted credentials.
Is my system at risk with CVE-2013-1921?
If you are using an affected version of Red Hat JBoss Enterprise Application Platform without the necessary updates, your system is at risk due to CVE-2013-1921.
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/references
- agent/author
- agent/weakness
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2013-1921
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/redhat
- canonical/jboss enterprise application platform
- version/jboss enterprise application platform/6.1.0
- version/jboss enterprise application platform/4.2.0
- version/jboss enterprise application platform/4.3.0
- version/jboss enterprise application platform/5.0.0
- version/jboss enterprise application platform/5.0.1
- version/jboss enterprise application platform/5.1.0
- version/jboss enterprise application platform/5.1.1
- version/jboss enterprise application platform/5.1.2
- version/jboss enterprise application platform/5.2.0
- version/jboss enterprise application platform/5.2.1
- version/jboss enterprise application platform/5.2.2
- version/jboss enterprise application platform/6.0.0
- version/jboss enterprise application platform/6.0.1