7.8

CVE-2012-2312

An Elevated Privileges issue exists in JBoss AS 7 Community Release due to the improper implementation in the security context propagation, A threat gets reused from the thread pool that still retains the security context from the process last used, which lets a local user obtain elevated privileges.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RedhatJboss Application Server Version7.1.0 SwEditioncommunity
RedhatJboss Application Server Version7.1.1 SwEditioncommunity
RedhatJboss Enterprise Application Platform Version6.0.0 Updatebeta
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.29% 0.208
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 4.6 3.9 6.4
AV:L/AC:L/Au:N/C:P/I:P/A:P
CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

https://access.redhat.com/security/cve/cve-2012-2312
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2312
Vendor Advisory
Issue Tracking
https://security-tracker.debian.org/tracker/CVE-2012-2312
Third Party Advisory