CVE-2012-3347

Name of the Vulnerable Software and Affected Versions AutoFORM PDM Archive versions prior to 7.0

Description The issue allows remote authenticated users to bypass intended access restrictions via the "/jmx-console" API endpoint, and then upload and execute arbitrary JSP code via a JBoss remote-deployment mechanism.

Recommendations For versions prior to 7.0, update to version 7.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/jmx-console" API endpoint to minimize the risk of exploitation.