Vulnerability Details CVE-2012-4550
A flaw was found in JBoss Enterprise Application Platform. When role-based authorization is used for Enterprise Java Beans (EJB) access, the system does not correctly call the necessary authorization modules. This prevents Java Authorization Contract for Containers (JACC) permissions from being applied, allowing remote attackers to gain unauthorized access to EJBs.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.021
EPSS Ranking 78.9%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 6.4
Products affected by CVE-2012-4550
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0