6.5
CVE-2012-4549
- EPSS 0.13%
- Veröffentlicht 05.01.2013 00:55:02
- Zuletzt bearbeitet 14.05.2026 23:16:32
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
LoginA flaw was found in JBoss Enterprise Application Platform. The `processInvocation` function within the `org.jboss.as.ejb3.security.AuthorizationInterceptor` component incorrectly authorizes all requests when no roles are defined for an Enterprise Java Beans (EJB) method invocation. This allows attackers to bypass intended access restrictions for EJB methods, leading to unauthorized access to sensitive functionalities.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Redhat ≫ Jboss Enterprise Application Platform Version <= 6.0.0
Redhat ≫ Jboss Enterprise Application Platform Version4.2.0
Redhat ≫ Jboss Enterprise Application Platform Version4.3.0
Redhat ≫ Jboss Enterprise Application Platform Version5.0.0
Redhat ≫ Jboss Enterprise Application Platform Version5.0.1
Redhat ≫ Jboss Enterprise Application Platform Version5.1.0
Redhat ≫ Jboss Enterprise Application Platform Version5.1.1
Redhat ≫ Jboss Enterprise Application Platform Version5.1.2
Redhat ≫ Jboss Enterprise Application Platform Version5.2.0
Redhat ≫ Jboss Enterprise Application Platform Version5.2.1
Redhat ≫ Jboss Enterprise Application Platform Version5.2.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.13% | 0.322 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| secalert@redhat.com | 6.5 | 3.9 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
|
| nvd@nist.gov | 5.8 | 8.6 | 4.9 |
AV:N/AC:M/Au:N/C:P/I:P/A:N
|
CWE-266 Incorrect Privilege Assignment
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.