CVE-2012-4549

Sažetak

A flaw was found in JBoss Enterprise Application Platform. The `processInvocation` function within the `org.jboss.as.ejb3.security.AuthorizationInterceptor` component incorrectly authorizes all requests when no roles are defined for an Enterprise Java Beans (EJB) method invocation. This allows attackers to bypass intended access restrictions for EJB methods, leading to unauthorized access to sensitive functionalities.

Reference

http://rhn.redhat.com/errata/RHSA-2012-1591.html
http://rhn.redhat.com/errata/RHSA-2012-1592.html
http://rhn.redhat.com/errata/RHSA-2012-1594.html
http://secunia.com/advisories/51607
https://access.redhat.com/errata/RHSA-2012:1591
https://access.redhat.com/errata/RHSA-2012:1592
https://access.redhat.com/errata/RHSA-2012:1594
https://access.redhat.com/security/cve/CVE-2012-4549
http://rhn.redhat.com/errata/RHSA-2012-1591.html
http://rhn.redhat.com/errata/RHSA-2012-1592.html
http://rhn.redhat.com/errata/RHSA-2012-1594.html
http://secunia.com/advisories/51607

CVSS

Base:	5.8
Impact:	4.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:N

Zadnje važnije ažuriranje

14-05-2026 - 23:16

Objavljeno

05-01-2013 - 00:55