Published: 05/01/2013 Updated: 07/05/2013

CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10

VMScore: 570

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) prior to 6.0.1, when using role-based authorization for Enterprise Java Beans (EJB) access, does not call the intended authorization modules, which prevents JACC permissions from being applied and allows remote malicious users to obtain access to the EJB.

Vulnerable Product	Search on Vulmon	Subscribe to Product
redhat jboss enterprise application platform 6.0.0

Synopsis Important: JBoss Enterprise Application Platform 601 update Type/Severity Security Advisory: Important Topic JBoss Enterprise Application Platform 601, which fixes multiple securityissues, various bugs, and adds enhancements, is now available from the RedHat Customer PortalThe Red Hat Security ...

Synopsis Important: JBoss Enterprise Application Platform 601 update Type/Severity Security Advisory: Important Topic Updated JBoss Enterprise Application Platform 601 packages that fixmultiple security issues, various bugs, and add enhancements are nowavailable for Red Hat Enterprise Linux 5The Red Ha ...

Synopsis Important: JBoss Enterprise Application Platform 601 update Type/Severity Security Advisory: Important Topic Updated JBoss Enterprise Application Platform 601 packages that fixmultiple security issues, various bugs, and add enhancements are nowavailable for Red Hat Enterprise Linux 6The Red Ha ...

CWE-264 http://rhn.redhat.com/errata/RHSA-2012-1591.html http://rhn.redhat.com/errata/RHSA-2012-1592.html http://secunia.com/advisories/51607 http://rhn.redhat.com/errata/RHSA-2012-1594.html https://nvd.nist.gov https://access.redhat.com/errata/RHSA-2012:1594

CVE-2012-4550

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect