PicketBox, as used in Red Hat JBoss Enterprise Application Platform before 6.1.1, allows local users to obtain the admin encryption key by reading the Vault data file.
2013-09-28T19:55:02.883
2025-04-11T00:51:21.963
Deferred
CVSSv2: 1.9 (LOW)
AV:L/AC:M/Au:N/C:P/I:N/A:N
3.4
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | redhat | jboss_enterprise_application_platform | ≤ 6.1.0 | Yes |
| Application | redhat | jboss_enterprise_application_platform | 4.2.0 | Yes |
| Application | redhat | jboss_enterprise_application_platform | 4.3.0 | Yes |
| Application | redhat | jboss_enterprise_application_platform | 5.0.0 | Yes |
| Application | redhat | jboss_enterprise_application_platform | 5.0.1 | Yes |
| Application | redhat | jboss_enterprise_application_platform | 5.1.0 | Yes |
| Application | redhat | jboss_enterprise_application_platform | 5.1.1 | Yes |
| Application | redhat | jboss_enterprise_application_platform | 5.1.2 | Yes |
| Application | redhat | jboss_enterprise_application_platform | 5.2.0 | Yes |
| Application | redhat | jboss_enterprise_application_platform | 5.2.1 | Yes |
| Application | redhat | jboss_enterprise_application_platform | 5.2.2 | Yes |
| Application | redhat | jboss_enterprise_application_platform | 6.0.0 | Yes |
| Application | redhat | jboss_enterprise_application_platform | 6.0.1 | Yes |