A vulnerability was found in jberet-core logging. An exception in 'dbProperties' might display user credentials such as the username and password for the database-connection.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Vendors Products
Jberet
  • Jberet
Redhat
  • Build Keycloak
  • Jboss Data Grid
  • Jboss Enterprise Application Platform
  • Jboss Fuse
  • Jbosseapxp
  • Red Hat Single Sign On

Configuration 1 [-]

cpe:2.3:a:jberet:jberet:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:a:redhat:jboss_enterprise_application_platform:-:*:*:*:text-only:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:8.0:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat JBoss Enterprise Application Platform 8
jberet-core cpe:/a:redhat:jboss_enterprise_application_platform:8.0 RHSA-2024:3583 2024-06-04T00:00:00Z
Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8
eap8-hibernate-search-0:6.2.2-1.Final_redhat_00001.1.el8eap cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8 RHSA-2024:3580 2024-06-04T00:00:00Z
eap8-jberet-0:2.1.4-1.Final_redhat_00001.1.el8eap cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8 RHSA-2024:3580 2024-06-04T00:00:00Z
Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9
eap8-hibernate-search-0:6.2.2-1.Final_redhat_00001.1.el9eap cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9 RHSA-2024:3581 2024-06-04T00:00:00Z
eap8-jberet-0:2.1.4-1.Final_redhat_00001.1.el9eap cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9 RHSA-2024:3581 2024-06-04T00:00:00Z
References
Link Providers
https://access.redhat.com/errata/RHSA-2024:1677 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:3580 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:3581 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:3583 cve-icon cve-icon
https://access.redhat.com/security/cve/CVE-2024-1102 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2262060 cve-icon cve-icon
https://github.com/jberet/jsr352/issues/452 cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-1102 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-1102 cve-icon
History

Fri, 24 Oct 2025 11:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:jboss_enterprise_application_platform:7.4
References

Mon, 14 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00069}

 epss

{'score': 0.0011}

Wed, 18 Jun 2025 20:00:00 +0000

Type Values Removed Values Added
First Time appeared Jberet
Jberet jberet
CPEs cpe:2.3:a:jberet:jberet:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:-:*:*:*:text-only:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:8.0:*:*:*:*:*:*:*
Vendors & Products Jberet
Jberet jberet

Wed, 16 Oct 2024 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-523

Wed, 18 Sep 2024 20:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 18 Sep 2024 08:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:build_keycloak:22 cpe:/a:redhat:build_keycloak:
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2024-04-25T16:24:30.245Z

Updated: 2025-10-24T11:22:28.356Z

Reserved: 2024-01-31T07:59:38.413Z

Link: CVE-2024-1102

cve-icon Vulnrichment

Updated: 2024-08-01T18:26:30.505Z

cve-icon NVD

Status : Modified

Published: 2024-04-25T17:15:47.457

Modified: 2025-10-24T12:15:36.300

Link: CVE-2024-1102

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-01-29T00:00:00Z

Links: CVE-2024-1102 - Bugzilla