CVE-2010-2474

EPSS 0.25%
Published 10.08.2010 12:23:06
Last modified 11.04.2025 00:51:21
Source secalert@redhat.com
Teams watchlist Login
Open Login

JBoss Enterprise Service Bus (ESB) before 4.7 CP02 in JBoss Enterprise SOA Platform before 5.0.2 does not properly consider the security domain with which a service is secured, which might allow remote attackers to gain privileges by executing a service.

Affected products Warnungen 0 Metrics 2 CWE 1 References 8

Data is provided by the National Vulnerability Database (NVD)

Redhat ≫ Jboss Enterprise Service Bus Version <= 4.7

Redhat ≫ Jboss Enterprise Service Bus Version4.0

Redhat ≫ Jboss Enterprise Service Bus Version4.2

Redhat ≫ Jboss Enterprise Service Bus Version4.2.1

Redhat ≫ Jboss Enterprise Service Bus Version4.3

Redhat ≫ Jboss Enterprise Service Bus Version4.4

Redhat ≫ Jboss Enterprise Service Bus Version4.5

Redhat ≫ Jboss Enterprise Service Bus Version4.6

Redhat ≫ Jboss Enterprise Soa Platform Version4.2.0

Redhat ≫ Jboss Enterprise Soa Platform Version4.2.0 Updatecp01

Redhat ≫ Jboss Enterprise Soa Platform Version4.2.0 Updatecp02

Redhat ≫ Jboss Enterprise Soa Platform Version4.2.0 Updatecp03

Redhat ≫ Jboss Enterprise Soa Platform Version4.2.0 Updatecp04

Redhat ≫ Jboss Enterprise Soa Platform Version4.2.0 Updatecp05

Redhat ≫ Jboss Enterprise Soa Platform Version4.2.0 Updatetp02

Redhat ≫ Jboss Enterprise Soa Platform Version4.3.0

Redhat ≫ Jboss Enterprise Soa Platform Version4.3.0 Updatecp01

Redhat ≫ Jboss Enterprise Soa Platform Version4.3.0 Updatecp02

Redhat ≫ Jboss Enterprise Soa Platform Version4.3.0 Updatecp03

Redhat ≫ Jboss Enterprise Soa Platform Version4.3.0 Updatecp04

Redhat ≫ Jboss Enterprise Soa Platform Version5.0.0

Redhat ≫ Jboss Enterprise Soa Platform Version5.0.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.25%	0.456

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	3.5	6.8	2.9	AV:N/AC:M/Au:S/C:P/I:N/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://secunia.com/advisories/40568

Vendor Advisory

http://secunia.com/advisories/40681

Vendor Advisory

http://www.redhat.com/docs/en-US/JBoss_SOA_Platform/5.0.2/html/5.0.2_Release_Notes/index.html

https://bugzilla.redhat.com/show_bug.cgi?id=609442

https://jira.jboss.org/browse/JBESB-3345

https://nvd.nist.gov/vuln/detail/CVE-2010-2474

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2010-2474

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2010-2474

EUVD