CVE-2014-0085
Exposure of Sensitive Information to an Unauthorized Actor in JBoss Fuse
EPSS 0.08%
Description
JBoss Fuse did not enable encrypted passwords by default in its usage of Apache Zookeeper. This permitted sensitive information disclosure via logging to local users. Note: this description has been updated; previous text mistakenly identified the source of the flaw as Zookeeper. Previous text: Apache Zookeeper logs cleartext admin passwords, which allows local users to obtain sensitive information by reading the log.
How to fix CVE-2014-0085
To remediate CVE-2014-0085, upgrade the affected package to a fixed version below.
- —upgrade to 6.1.0 or later
Is CVE-2014-0085 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 6.1.0