CVSS2
Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | HIGH |
Authentication | SINGLE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
Vector | AV:N/AC:H/Au:S/C:P/I:P/A:P |
AI Score
Confidence: Low
EPSS
Percentile: 75.3%
The JBoss Server in JBoss Enterprise Application Platform 5.1.x before 5.1.2 and 5.2.x before 5.2.2, Web Platform before 5.1.2, BRMS Platform before 5.3.0, and SOA Platform before 5.3.0, when the server is configured to use the JaccAuthorizationRealm and the ignoreBaseDecision property is set to true on the JBossWebRealm, does not properly check the permissions created by the WebPermissionMapping class, which allows remote authenticated users to access arbitrary applications.
Vendor | Product | Version | CPE |
---|---|---|---|
redhat | jboss_enterprise_application_platform | 5.1.0 | cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.1.0:*:*:*:*:*:*:* |
redhat | jboss_enterprise_application_platform | 5.1.1 | cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.1.1:*:*:*:*:*:*:* |
redhat | jboss_enterprise_application_platform | 5.2.0 | cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.2.0:*:*:*:*:*:*:* |
redhat | jboss_enterprise_application_platform | 5.2.1 | cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.2.1:*:*:*:*:*:*:* |
redhat | jboss_enterprise_brms_platform | * | cpe:2.3:a:redhat:jboss_enterprise_brms_platform:*:*:*:*:*:*:*:* |
redhat | jboss_enterprise_soa_platform | * | cpe:2.3:a:redhat:jboss_enterprise_soa_platform:*:*:*:*:*:*:*:* |
redhat | jboss_enterprise_soa_platform | 5.0.0 | cpe:2.3:a:redhat:jboss_enterprise_soa_platform:5.0.0:*:*:*:*:*:*:* |
redhat | jboss_enterprise_soa_platform | 5.0.1 | cpe:2.3:a:redhat:jboss_enterprise_soa_platform:5.0.1:*:*:*:*:*:*:* |
redhat | jboss_enterprise_soa_platform | 5.0.2 | cpe:2.3:a:redhat:jboss_enterprise_soa_platform:5.0.2:*:*:*:*:*:*:* |
redhat | jboss_enterprise_soa_platform | 5.1.0 | cpe:2.3:a:redhat:jboss_enterprise_soa_platform:5.1.0:*:*:*:*:*:*:* |
rhn.redhat.com/errata/RHSA-2012-1013.html
rhn.redhat.com/errata/RHSA-2012-1014.html
rhn.redhat.com/errata/RHSA-2012-1026.html
rhn.redhat.com/errata/RHSA-2012-1027.html
rhn.redhat.com/errata/RHSA-2012-1028.html
rhn.redhat.com/errata/RHSA-2012-1125.html
rhn.redhat.com/errata/RHSA-2012-1232.html
secunia.com/advisories/49635
secunia.com/advisories/49658
secunia.com/advisories/50549
securitytracker.com/id?1027501
www.securityfocus.com/bid/54089
bugzilla.redhat.com/show_bug.cgi?id=802622
exchange.xforce.ibmcloud.com/vulnerabilities/76680