CVE-2012-4572 - CERT CVE
ID CVE-2012-4572
Sažetak Red Hat JBoss Enterprise Application Platform (EAP) before 6.1.0 and JBoss Portal before 6.1.0 does not load the implementation of a custom authorization module for a new application when an implementation is already loaded and the modules share class names, which allows local users to control certain applications' authorization decisions via a crafted application.
Reference
CVSS
Base: 3.7
Impact: 6.4
Exploitability:1.9
Pristup
VektorSloženostAutentikacija
LOCAL HIGH NONE
Impact
PovjerljivostCjelovitostDostupnost
PARTIAL PARTIAL PARTIAL
CVSS vektor AV:L/AC:H/Au:N/C:P/I:P/A:P
Zadnje važnije ažuriranje 30-10-2013 - 14:47
Objavljeno 28-10-2013 - 21:55