Lucene search

PRIOn knowledge basePRION:CVE-2012-5478

HistoryFeb 05, 2013 - 11:55 p.m.

Design/Logic Flaw

2013-02-0523:55:00

PRIOn knowledge base

www.prio-n.com

6.7 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.5%

JSON

The AuthorizationInterceptor in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 does not properly restrict access, which allows remote authenticated users to bypass intended role restrictions and perform arbitrary JMX operations via unspecified vectors.

CPENameOperatorVersion
jboss_enterprise_application_platformeq5.2.0
jboss_enterprise_brms_platformle5.3.0
jboss_enterprise_web_platformeq5.2.0

Name	Operator	Version
jboss_enterprise_application_platform	eq	5.2.0
jboss_enterprise_brms_platform	le	5.3.0
jboss_enterprise_web_platform	eq	5.2.0

References

rhn.redhat.com/errata/RHSA-2013-0191.html

rhn.redhat.com/errata/RHSA-2013-0192.html

rhn.redhat.com/errata/RHSA-2013-0193.html

rhn.redhat.com/errata/RHSA-2013-0194.html

rhn.redhat.com/errata/RHSA-2013-0195.html

rhn.redhat.com/errata/RHSA-2013-0196.html

rhn.redhat.com/errata/RHSA-2013-0197.html

rhn.redhat.com/errata/RHSA-2013-0198.html

rhn.redhat.com/errata/RHSA-2013-0221.html

rhn.redhat.com/errata/RHSA-2013-0533.html

secunia.com/advisories/51984

secunia.com/advisories/52054

securitytracker.com/id?1028042

www.osvdb.org/89580

exchange.xforce.ibmcloud.com/vulnerabilities/81514