Vulnerability Details : CVE-2009-3554

Twiddle in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP08 and 4.3 before 4.3.0.CP07 writes the JMX password, and other command-line arguments, to the twiddle.log file, which allows local users to obtain sensitive information by reading this file.

Vulnerability category: Information leak

Published 2009-12-15 18:30:01

Updated 2017-08-17 01:31:10

Source Red Hat, Inc.

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2009-3554

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2009-3554

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
2.1	LOW	AV:L/AC:L/Au:N/C:P/I:N/A:N	3.9	2.9	[email protected]
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

CWE ids for CVE-2009-3554

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Assigned by: [email protected] (Primary)

References for CVE-2009-3554

Products affected by CVE-2009-3554

Redhat » Jboss Enterprise Application Platform » Version: 4.2
cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2:*:*:*:*:*:*:*
Matching versions
Redhat » Jboss Enterprise Application Platform » Version: 4.2 Update Cp01
cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2:cp01:*:*:*:*:*:*
Matching versions
Redhat » Jboss Enterprise Application Platform » Version: 4.2 Update Cp02
cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2:cp02:*:*:*:*:*:*
Matching versions
Redhat » Jboss Enterprise Application Platform » Version: 4.2.0 Update Cp02
cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp02:*:*:*:*:*:*
Matching versions
Redhat » Jboss Enterprise Application Platform » Version: 4.2.0 Update Cp01
cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp01:*:*:*:*:*:*
Matching versions
Redhat » Jboss Enterprise Application Platform » Version: 4.2.0 Update Cp03
cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp03:*:*:*:*:*:*
Matching versions
Redhat » Jboss Enterprise Application Platform » Version: 4.2.0 Update Cp04
cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp04:*:*:*:*:*:*
Matching versions
Redhat » Jboss Enterprise Application Platform » Version: 4.2.0 Update Cp05
cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp05:*:*:*:*:*:*
Matching versions
Redhat » Jboss Enterprise Application Platform » Version: 4.2.0 Update Cp06
cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp06:*:*:*:*:*:*
Matching versions
Redhat » Jboss Enterprise Application Platform » Version: 4.2.0 Update Cp07
cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp07:*:*:*:*:*:*
Matching versions
Redhat » Jboss Enterprise Application Platform » Version: 4.2.2 Update GA
cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.2:ga:*:*:*:*:*:*
Matching versions