CVE-2012-4549
PUBLISHED
CVSS 5.8 MEDIUM
The processInvocation function in org.jboss.as.ejb3.security.AuthorizationInterceptor in JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) before 6.0.1, authorizes all requests when no roles are allowed for an Enterprise Java Beans (EJB) method invocation, which allows attackers to bypass intended access restrictions for EJB methods.
EPSS 0.13% · 32.2nd percentile
Risk Scores
CVSS 2.0
5.8
EPSS Score
0.13%
32.2nd percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| redhat | jboss_enterprise_application_platform | 5.1.2, 4.3.0, 0 |
| n/a | n/a | * |
Exploit Intelligence
- RHSA-2012:1594 (circl)
- 51607 (circl)
- RHSA-2012:1592 (circl)
- RHSA-2012:1591 (circl)
Timeline
- Jan 5, 2013 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- RHSA-2012:1594 vendor-advisory
- 51607 third-party-advisory
- RHSA-2012:1592 vendor-advisory
- RHSA-2012:1591 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2012-4549 advisory