CVE-2012-4549
Severity: MEDIUM
JBoss Enterprise Application Platform < 6.0.0 - Unauthenticated Authorization Bypass in AuthorizationInterceptor
Title source: llmDescription
A flaw was found in JBoss Enterprise Application Platform. The `processInvocation` method of the `org.jboss.as.ejb3.security.AuthorizationInterceptor` component incorrectly authorizes every request when no roles are defined for an Enterprise JavaBeans (EJB) method invocation, i.e. an absent role set is treated as "allow" rather than "deny". This allows attackers to bypass the intended access restrictions on EJB methods, leading to unauthorized access to sensitive functionality.
References (8)
Vendor Advisory: http://rhn.redhat.com/errata/RHSA-2012-1591.html
Vendor Advisory: http://rhn.redhat.com/errata/RHSA-2012-1592.html
Vendor Advisory: http://rhn.redhat.com/errata/RHSA-2012-1594.html
Vendor Advisory: http://secunia.com/advisories/51607
Vendor Advisory (Red Hat, RHSA-2012:1591): https://access.redhat.com/errata/RHSA-2012:1591
Vendor Advisory (Red Hat, RHSA-2012:1592): https://access.redhat.com/errata/RHSA-2012:1592
Vendor Advisory (Red Hat, RHSA-2012:1594): https://access.redhat.com/errata/RHSA-2012:1594
VDB Entry (Red Hat): https://access.redhat.com/security/cve/CVE-2012-4549
Scores
CVSS v3: 6.5
EPSS: 0.0013
EPSS Percentile: 32.1%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Details
CWE: CWE-264, CWE-266
Status: published
Products (50)
Red Hat / Red Hat JBoss Enterprise Application Platform 6 for RHEL 5, package versions listed in the record:
  0:0.1.1-9_redhat_2.3.ep6.el5.4
  0:0.1.26-6.GA.redhat_2.ep6.el5.4
  0:0.6-7.redhat_2.ep6.el5.5
  0:0.7.3-8.redhat_2.ep6.el5.5
  0:0.9.94-10.GA_redhat_2.ep6.el5.4
  0:1-8.2_redhat_2.ep6.el5.5
  0:1.0-2.2.3_redhat_2.ep6.el5.5
  0:1.0-6.SP4_redhat_2.ep6.el5.5
  0:1.0.0-0.8.final_redhat_2.ep6.el5.3
  0:1.0.0-16.redhat_2.ep6.el5
... and 40 more
Published: Jan 05, 2013
Tracked Since: Feb 18, 2026