5.5
CVE-2013-2133
- EPSS 0.33%
- Published 06.12.2013 17:55:04
- Last modified 11.04.2025 00:51:21
- Source secalert@redhat.com
The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) before 6.2.0, does not properly enforce the method level restrictions for JAX-WS Service endpoints, which allows remote authenticated users to access otherwise restricted JAX-WS handlers by leveraging permissions to the EJB class.
Data is provided by the National Vulnerability Database (NVD)
Redhat ≫ Jboss Enterprise Application Platform Version <= 6.1.0
Redhat ≫ Jboss Enterprise Application Platform Version 4.2.0
Redhat ≫ Jboss Enterprise Application Platform Version 4.2.0 Update cp09
Redhat ≫ Jboss Enterprise Application Platform Version 4.3.0
Redhat ≫ Jboss Enterprise Application Platform Version 4.3.0 Update cp10
Redhat ≫ Jboss Enterprise Application Platform Version 5.0.0
Redhat ≫ Jboss Enterprise Application Platform Version 5.0.1
Redhat ≫ Jboss Enterprise Application Platform Version 5.1.0
Redhat ≫ Jboss Enterprise Application Platform Version 5.1.1
Redhat ≫ Jboss Enterprise Application Platform Version 5.1.2
Redhat ≫ Jboss Enterprise Application Platform Version 5.2.0
Redhat ≫ Jboss Enterprise Application Platform Version 5.2.1
Redhat ≫ Jboss Enterprise Application Platform Version 5.2.2
Redhat ≫ Jboss Enterprise Application Platform Version 6.0.0
Redhat ≫ Jboss Enterprise Application Platform Version 6.0.1
Redhat ≫ Enterprise Linux Version 5
Redhat ≫ Enterprise Linux Version 6.0
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.33% | 0.552 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 8 | 4.9 | AV:N/AC:L/Au:S/C:P/I:P/A:N |