History: Oct 28, 2013 - 9:55 p.m.

CVE-2012-4572

2013-10-28 21:55:04
CWE-264
redhat
web.nvd.nist.gov
31
red hat
jboss
eap
portal
cve-2012-4572
authorization
security vulnerability
nvd

CVSS2: 3.7

Attack Vector: LOCAL
Attack Complexity: HIGH
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

AV:L/AC:H/Au:N/C:P/I:P/A:P

AI Score: 5.4
Confidence: High

EPSS: 0
Percentile: 5.1%

Red Hat JBoss Enterprise Application Platform (EAP) before 6.1.0 and JBoss Portal before 6.1.0 do not load the implementation of a custom authorization module for a new application when an implementation is already loaded and the modules share class names, which allows local users to control certain applications’ authorization decisions via a crafted application.

Affected configurations

Nvd

Node
redhat jboss_enterprise_application_platform Range 6.0.1
OR
redhat jboss_enterprise_application_platform Match 4.2.0
OR
redhat jboss_enterprise_application_platform Match 4.3.0
OR
redhat jboss_enterprise_application_platform Match 5.0.0
OR
redhat jboss_enterprise_application_platform Match 5.0.1
OR
redhat jboss_enterprise_application_platform Match 5.1.0
OR
redhat jboss_enterprise_application_platform Match 5.1.1
OR
redhat jboss_enterprise_application_platform Match 5.1.2
OR
redhat jboss_enterprise_application_platform Match 5.2.0
OR
redhat jboss_enterprise_application_platform Match 5.2.1
OR
redhat jboss_enterprise_application_platform Match 5.2.2
OR
redhat jboss_enterprise_application_platform Match 6.0.0

Node
redhat jboss_enterprise_portal_platform Range 6.0.0
OR
redhat jboss_enterprise_portal_platform Match 4.3.0
OR
redhat jboss_enterprise_portal_platform Match 5.0.0
OR
redhat jboss_enterprise_portal_platform Match 5.0.1
OR
redhat jboss_enterprise_portal_platform Match 5.1.0
OR
redhat jboss_enterprise_portal_platform Match 5.1.1
OR
redhat jboss_enterprise_portal_platform Match 5.2.0
OR
redhat jboss_enterprise_portal_platform Match 5.2.1
OR
redhat jboss_enterprise_portal_platform Match 5.2.2

Vendor | Product | Version | CPE
redhat | jboss_enterprise_application_platform | * | cpe:2.3:a:redhat:jboss_enterprise_application_platform:*:*:*:*:*:*:*:*
redhat | jboss_enterprise_application_platform | 4.2.0 | cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:*:*:*:*:*:*:*
redhat | jboss_enterprise_application_platform | 4.3.0 | cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:*:*:*:*:*:*:*
redhat | jboss_enterprise_application_platform | 5.0.0 | cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.0.0:*:*:*:*:*:*:*
redhat | jboss_enterprise_application_platform | 5.0.1 | cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.0.1:*:*:*:*:*:*:*
redhat | jboss_enterprise_application_platform | 5.1.0 | cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.1.0:*:*:*:*:*:*:*
redhat | jboss_enterprise_application_platform | 5.1.1 | cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.1.1:*:*:*:*:*:*:*
redhat | jboss_enterprise_application_platform | 5.1.2 | cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.1.2:*:*:*:*:*:*:*
redhat | jboss_enterprise_application_platform | 5.2.0 | cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.2.0:*:*:*:*:*:*:*
redhat | jboss_enterprise_application_platform | 5.2.1 | cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.2.1:*:*:*:*:*:*:*