Bug 1375760 (CVE-2016-7043)

Summary: CVE-2016-7043 kie-server: Plaintext password storage in kie-server and busitess-central
Product: [Other] Security Response Reporter: Pavel Polischouk <pavelp>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: akoufoud, alazarot, almorale, anstephe, etirelli, ibek, jcoleman, krathod, kverlaen, mbaluch, mnovotny, mwinkler, nwallace, rrajasek, rsynek, rzhang, sdaley, security-response-team, tkirby
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-10-21 00:54:34 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1375758    

Description Pavel Polischouk 2016-09-14 00:27:30 UTC 
It has been reported that KIE server and Busitess Central contain username and password as plaintext Java properties. Any app deployed on the same server would have access to these properties, thus granting access to ther services.
Comment 1 Pavel Polischouk 2016-09-14 00:29:59 UTC 
Acknowledgments:

Name: Alessandro Lazarotti (Red Hat)