CVE-2010-2474

JBoss Enterprise Service Bus < 4.7 CP02 - Privilege Escalation via Security Domain Bypass

Title source: llm
STIX 2.1

Description

JBoss Enterprise Service Bus (ESB) before 4.7 CP02 in JBoss Enterprise SOA Platform before 5.0.2 does not properly consider the security domain with which a service is secured, which might allow remote attackers to gain privileges by executing a service.

References (5)

Core 5
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/40568
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/40681
Various Sources x_refsource_confirm
https://jira.jboss.org/browse/JBESB-3345
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=609442

Scores

EPSS 0.0090
EPSS Percentile 55.5%

Details

CWE
CWE-20
Status published
Products (12)
redhat/jboss_enterprise_service_bus 4.0
redhat/jboss_enterprise_service_bus 4.2
redhat/jboss_enterprise_service_bus 4.2.1
redhat/jboss_enterprise_service_bus 4.3
redhat/jboss_enterprise_service_bus 4.4
redhat/jboss_enterprise_service_bus 4.5
redhat/jboss_enterprise_service_bus 4.6
redhat/jboss_enterprise_service_bus < 4.7
redhat/jboss_enterprise_soa_platform 4.2.0 (7 CPE variants)
redhat/jboss_enterprise_soa_platform 4.3.0 (5 CPE variants)
... and 2 more
Published Aug 10, 2010
Tracked Since Feb 18, 2026