Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 6.4
CVE Id: CVE-2012-4550
Last Modified: 07 May 2013 12:00:00
Published: 04 Jan 2013 07:55:02
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2012-4550

Summary

JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) before 6.0.1, when using role-based authorization for Enterprise Java Beans (EJB) access, does not call the intended authorization modules, which prevents JACC permissions from being applied and allows remote attackers to obtain access to the EJB.

Vulnerable Systems

Application

  • Red Hat JBoss Enterprise Application Platform 4.2.0
  • Red Hat JBoss Enterprise Application Platform 4.3.0
  • Red Hat JBoss Enterprise Application Platform 5.0.0
  • Red Hat JBoss Enterprise Application Platform 5.0.1
  • Red Hat JBoss Enterprise Application Platform 5.1.0
  • Red Hat JBoss Enterprise Application Platform 5.1.1
  • Red Hat JBoss Enterprise Application Platform 5.1.2
  • Red Hat JBoss Enterprise Application Platform 5.2.0
  • Red Hat JBoss Enterprise Application Platform 5.2.1
  • Red Hat JBoss Enterprise Application Platform 5.2.2
  • Red Hat JBoss Enterprise Application Platform 6.0.0
  • Red Hat JBoss Enterprise Application Platform 6.0.1


References

SECUNIA - 51607

REDHAT - RHSA-2012:1594

REDHAT - RHSA-2012:1592

REDHAT - RHSA-2012:1591


Last Updated: 27 May 2016 10:47:23