CVE-2010-2474
JBoss Enterprise Service Bus < 4.7 CP02 - Privilege Escalation via Security Domain Bypass
Title source: llmDescription
JBoss Enterprise Service Bus (ESB) before 4.7 CP02 in JBoss Enterprise SOA Platform before 5.0.2 does not properly consider the security domain with which a service is secured, which might allow remote attackers to gain privileges by executing a service.
References (5)
Core 5
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/40568
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/40681
Various Sources x_refsource_confirm
https://jira.jboss.org/browse/JBESB-3345
Vendor Advisory x_refsource_confirm
http://www.redhat.com/docs/en-US/JBoss_SOA_Platform/5.0.2/html/5.0.2_Release_Notes/index.html
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=609442
Scores
EPSS
0.0090
EPSS Percentile
55.5%
Details
CWE
CWE-20
Status
published
Products (12)
redhat/jboss_enterprise_service_bus
4.0
redhat/jboss_enterprise_service_bus
4.2
redhat/jboss_enterprise_service_bus
4.2.1
redhat/jboss_enterprise_service_bus
4.3
redhat/jboss_enterprise_service_bus
4.4
redhat/jboss_enterprise_service_bus
4.5
redhat/jboss_enterprise_service_bus
4.6
redhat/jboss_enterprise_service_bus
< 4.7
redhat/jboss_enterprise_soa_platform
4.2.0 (7 CPE variants)
redhat/jboss_enterprise_soa_platform
4.3.0 (5 CPE variants)
... and 2 more
Published
Aug 10, 2010
Tracked Since
Feb 18, 2026