
Derek Horton

Researcher from Red Hat
#49921 of 53,632
4.9 Total CVSS
Vulnerabilities · 1
PT-2013-1800
4.9
2013-02-05
Red Hat · Jboss Soa Platform · CVE-2012-5478
**Name of the Vulnerable Software and Affected Versions**

- JBoss Enterprise Application Platform versions prior to 5.2.0
- JBoss Web Platform versions prior to 5.2.0
- JBoss BRMS Platform versions prior to 5.3.1
- JBoss SOA Platform versions prior to 5.3.1

**Description**

The issue concerns improper access restriction in the AuthorizationInterceptor, allowing remote authenticated users to bypass intended role restrictions. This enables them to perform arbitrary JMX operations, although the specific vectors are not specified.

**Recommendations**

- For JBoss Enterprise Application Platform versions prior to 5.2.0, update to version 5.2.0 or later.
- For JBoss Web Platform versions prior to 5.2.0, update to version 5.2.0 or later.
- For JBoss BRMS Platform versions prior to 5.3.1, update to version 5.3.1 or later.
- For JBoss SOA Platform versions prior to 5.3.1, update to version 5.3.1 or later.