6.5

CVE-2012-4549

A flaw was found in JBoss Enterprise Application Platform. The `processInvocation` function within the `org.jboss.as.ejb3.security.AuthorizationInterceptor` component incorrectly authorizes all requests when no roles are defined for an Enterprise Java Beans (EJB) method invocation. This allows attackers to bypass intended access restrictions for EJB methods, leading to unauthorized access to sensitive functionalities.
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.31% 0.672
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.8 8.6 4.9
AV:N/AC:M/Au:N/C:P/I:P/A:N
secalert@redhat.com 6.5 3.9 2.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CWE-266 Incorrect Privilege Assignment

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

http://rhn.redhat.com/errata/RHSA-2012-1591.html
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2012-1592.html
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2012-1594.html
Vendor Advisory
http://secunia.com/advisories/51607
Vendor Advisory
https://access.redhat.com/errata/RHSA-2012:1591
https://access.redhat.com/errata/RHSA-2012:1592
https://access.redhat.com/errata/RHSA-2012:1594
https://access.redhat.com/security/cve/CVE-2012-4549