{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-07-19T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "The Teiid Java Database Connectivity (JDBC) socket, as used in JBoss Enterprise Data Services Platform before 5.3.0, does not encrypt login messages by default contrary to documentation and specification, which allows remote attackers to obtain login credentials via a man-in-the-middle (MITM) attack."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01.000Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "teiid-jdbc-info-disc(78803)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78803"}, {"name": "RHSA-2012:1301", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2012-1301.html"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=843669"}, {"name": "55634", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/55634"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T20:05:12.524Z"}, "title": "CVE Program Container", "references": [{"name": "teiid-jdbc-info-disc(78803)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78803"}, {"name": "RHSA-2012:1301", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2012-1301.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=843669"}, {"name": "55634", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/55634"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-3431", "datePublished": "2012-11-23T20:00:00.000Z", "dateReserved": "2012-06-14T00:00:00.000Z", "dateUpdated": "2024-08-06T20:05:12.524Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:jboss_enterprise_data_services_platform:*:*:*:*:*:*:*:*", "matchCriteriaId": "54B3643B-213F-40A2-B6AE-53EB32D0EBE5", "versionEndIncluding": "5.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_data_services_platform:5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "592A7607-1C74-48DC-BBF7-5F991C0D9D02", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Teiid Java Database Connectivity (JDBC) socket, as used in JBoss Enterprise Data Services Platform before 5.3.0, does not encrypt login messages by default contrary to documentation and specification, which allows remote attackers to obtain login credentials via a man-in-the-middle (MITM) attack."}, {"lang": "es", "value": "El Teiid Java Database Connectivity (JDBC) socket, tal como se utiliza en JBoss Enterprise Data Services Platform anterior a v5.3.0, no cifra los mensajes de inicio de sesi\u00f3n por defecto contrariamente a la documentaci\u00f3n y especificaci\u00f3n, permitiendo a atacantes remotos obtener las credenciales de acceso a trav\u00e9s de una ataque (man-in-the-middle\" (MITM)."}], "id": "CVE-2012-3431", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-11-23T20:55:02.960", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2012-1301.html"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/55634"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=843669"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78803"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2012-1301.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/55634"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=843669"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78803"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-310"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "This issue was discovered by Steven Hawkins (Red Hat).", "affected_release": [{"advisory": "RHSA-2012:1301", "cpe": "cpe:/a:redhat:jboss_enterprise_data_services:5.3", "product_name": "JBoss Enterprise Data Services Platform 5.3", "release_date": "2012-09-20T00:00:00Z"}], "bugzilla": {"description": "Teiid: JDBC socket does not encrypt client login messages by default", "id": "843669", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=843669"}, "csaw": false, "cvss": {"cvss_base_score": "3.3", "cvss_scoring_vector": "AV:A/AC:L/Au:N/C:P/I:N/A:N", "status": "verified"}, "details": ["The Teiid Java Database Connectivity (JDBC) socket, as used in JBoss Enterprise Data Services Platform before 5.3.0, does not encrypt login messages by default contrary to documentation and specification, which allows remote attackers to obtain login credentials via a man-in-the-middle (MITM) attack."], "name": "CVE-2012-3431", "package_state": [{"cpe": "cpe:/a:redhat:jboss_enterprise_soa_platform:5", "fix_state": "Affected", "package_name": "EDS", "product_name": "Red Hat JBoss SOA Platform 5"}], "public_date": "2012-07-19T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2012-3431\nhttps://nvd.nist.gov/vuln/detail/CVE-2012-3431"], "threat_severity": "Moderate"}