CVE-2012-4550

Published Jan 5, 2013

Last updated 12 years ago

Overview

Description
JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) before 6.0.1, when using role-based authorization for Enterprise Java Beans (EJB) access, does not call the intended authorization modules, which prevents JACC permissions from being applied and allows remote attackers to obtain access to the EJB.
Source
secalert@redhat.com
NVD status
Analyzed

Risk scores

CVSS 2.0

Type
Primary
Base score
6.4
Impact score
4.9
Exploitability score
10
Vector string
AV:N/AC:L/Au:N/C:P/I:P/A:N

Weaknesses

nvd@nist.gov
CWE-264

Social media

Hype score
Not currently trending

Evaluator

Comment
-
Impact
Per https://bugzilla.redhat.com/show_bug.cgi?id=870871#c7 "This issue did not affect JBoss Enterprise Application Platform versions 4.x and 5.x."
Solution
Per https://bugzilla.redhat.com/show_bug.cgi?id=870871#c7 "This issue did not affect JBoss Enterprise Application Platform versions 4.x and 5.x."

Configurations