Description
A flaw was found in JBoss Enterprise Application Platform. When role-based authorization is used for Enterprise Java Beans (EJB) access, the system does not correctly call the necessary authorization modules. This prevents Java Authorization Contract for Containers (JACC) permissions from being applied, allowing remote attackers to gain unauthorized access to EJBs.
References (8)
Vendor Advisory: http://rhn.redhat.com/errata/RHSA-2012-1591.html
Vendor Advisory: http://rhn.redhat.com/errata/RHSA-2012-1592.html
Vendor Advisory: http://rhn.redhat.com/errata/RHSA-2012-1594.html
Vendor Advisory: http://secunia.com/advisories/51607
Vendor Advisory (x_refsource_redhat): RHSA-2012:1591, https://access.redhat.com/errata/RHSA-2012:1591
Vendor Advisory (x_refsource_redhat): RHSA-2012:1592, https://access.redhat.com/errata/RHSA-2012:1592
Vendor Advisory (x_refsource_redhat): RHSA-2012:1594, https://access.redhat.com/errata/RHSA-2012:1594
VDB Entry (x_refsource_redhat): https://access.redhat.com/security/cve/CVE-2012-4550
Scores
CVSS v3: 5.3
EPSS: 0.0020
EPSS Percentile: 42.0%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE: CWE-264, CWE-280
Status: published
Products (50)
Red Hat/Red Hat JBoss Enterprise Application Platform 6 for RHEL 5: 0:0.1.1-9_redhat_2.3.ep6.el5.4
Red Hat/Red Hat JBoss Enterprise Application Platform 6 for RHEL 5: 0:0.1.26-6.GA.redhat_2.ep6.el5.4
Red Hat/Red Hat JBoss Enterprise Application Platform 6 for RHEL 5: 0:0.6-7.redhat_2.ep6.el5.5
Red Hat/Red Hat JBoss Enterprise Application Platform 6 for RHEL 5: 0:0.7.3-8.redhat_2.ep6.el5.5
Red Hat/Red Hat JBoss Enterprise Application Platform 6 for RHEL 5: 0:0.9.94-10.GA_redhat_2.ep6.el5.4
Red Hat/Red Hat JBoss Enterprise Application Platform 6 for RHEL 5: 0:1-8.2_redhat_2.ep6.el5.5
Red Hat/Red Hat JBoss Enterprise Application Platform 6 for RHEL 5: 0:1.0-2.2.3_redhat_2.ep6.el5.5
Red Hat/Red Hat JBoss Enterprise Application Platform 6 for RHEL 5: 0:1.0-6.SP4_redhat_2.ep6.el5.5
Red Hat/Red Hat JBoss Enterprise Application Platform 6 for RHEL 5: 0:1.0.0-0.8.final_redhat_2.ep6.el5.3
Red Hat/Red Hat JBoss Enterprise Application Platform 6 for RHEL 5: 0:1.0.0-16.redhat_2.ep6.el5
... and 40 more
Published: Jan 05, 2013
Tracked Since: Feb 18, 2026