CVE-2012-4550
JBoss Enterprise Application Platform (JBoss EAP): unauthorized EJB access via authorization module bypass
A flaw was found in JBoss Enterprise Application Platform (EAP). When role-based authorization is used to control access to Enterprise JavaBeans (EJB), the container did not invoke the required authorization modules. As a result, Java Authorization Contract for Containers (JACC) permissions were never applied to EJB method invocations, and a remote attacker could call EJB methods that the configured role restrictions should have denied.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
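The practical question for an operator is whether a given EAP install predates the fix. The following triage helper is an added example, not code from Red Hat or the JBoss project. It assumes (the advisory text above does not say so) that the fix shipped with JBoss EAP 6.0.1 via the RHSA-2012:1591/1592/1594 errata, so 6.0.x builds older than 6.0.1 are classed as affected, and that the install's `version.txt` contains a line like `JBoss Enterprise Application Platform - Version 6.0.0.GA`; the sample strings in the block are constructed. A version check is only a first pass: the real confirmation is to invoke a `@RolesAllowed` EJB method as a principal without that role and verify the call is rejected.

```python
"""Triage helper for CVE-2012-4550 (JBoss EAP EJB authorization bypass).

Added example; this is not code from Red Hat or the JBoss project.
Assumptions (not stated on the advisory page):
  * the fix shipped with JBoss EAP 6.0.1 (the RHSA-2012:1591/1592/1594
    errata), so EAP 6.0.x builds older than 6.0.1 are treated as affected;
  * the install's version.txt carries a line such as
    'JBoss Enterprise Application Platform - Version 6.0.0.GA'.
"""
import re
import sys
from pathlib import Path

# First fixed release (assumption, see module docstring).
FIXED_VERSION = (6, 0, 1)

# Matches "Version 6.0.0.GA", "Version 6.0.1", etc.; the qualifier is ignored.
_VERSION_RE = re.compile(r"\bVersion\s+(\d+)\.(\d+)\.(\d+)", re.IGNORECASE)


def parse_version(text):
    """Extract (major, minor, micro) from version.txt content, or None."""
    match = _VERSION_RE.search(text)
    if match is None:
        return None
    return tuple(int(part) for part in match.groups())


def is_affected(version):
    """True when the version is an EAP 6.0.x build older than the fix.

    Anything at or after FIXED_VERSION already has the corrected EJB
    authorization path, and EAP 5 uses a different EJB container, so
    only the 6.0 line is compared against FIXED_VERSION.
    """
    major, minor, _micro = version
    if (major, minor) != (6, 0):
        return False
    return version < FIXED_VERSION


def assess(version_txt):
    """Classify a version.txt body as 'affected', 'fixed' or 'unknown'."""
    version = parse_version(version_txt)
    if version is None:
        return "unknown"
    return "affected" if is_affected(version) else "fixed"


def check_install(eap_home):
    """Read <EAP_HOME>/version.txt and return the assessment string."""
    path = Path(eap_home) / "version.txt"
    if not path.is_file():
        return "unknown"
    return assess(path.read_text(encoding="utf-8", errors="replace"))


# Constructed sample content, standing in for a real version.txt.
SAMPLE_VULNERABLE = "JBoss Enterprise Application Platform - Version 6.0.0.GA\n"
SAMPLE_FIXED = "JBoss Enterprise Application Platform - Version 6.0.1.GA\n"

if __name__ == "__main__":
    # Usage: python check_cve_2012_4550.py /opt/jboss-eap-6.0
    if len(sys.argv) > 1:
        print(check_install(sys.argv[1]))
    else:
        for sample in (SAMPLE_VULNERABLE, SAMPLE_FIXED):
            print(sample.strip(), "->", assess(sample))
```

Run it with the EAP home directory as the argument; with no argument it classifies the two constructed samples. An "unknown" result means the file was missing or did not match the expected line, not that the install is safe.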
Affected products
Red Hat · Red Hat JBoss Enterprise Application Platform 6.0
Red Hat · Red Hat JBoss Enterprise Application Platform 6 for RHEL 5
Red Hat · Red Hat JBoss Enterprise Application Platform 6 for RHEL 6
Red Hat · Red Hat JBoss Enterprise Application Platform 7
Red Hat · Red Hat JBoss Enterprise Application Platform 8
Red Hat · Red Hat JBoss Enterprise Application Platform Expansion Pack
References
http://rhn.redhat.com/errata/RHSA-2012-1591.html
http://rhn.redhat.com/errata/RHSA-2012-1592.html
http://rhn.redhat.com/errata/RHSA-2012-1594.html
https://access.redhat.com/errata/RHSA-2012:1591
https://access.redhat.com/errata/RHSA-2012:1592
https://access.redhat.com/errata/RHSA-2012:1594
https://access.redhat.com/security/cve/CVE-2012-4550
http://secunia.com/advisories/51607