CVE-2012-4572

Name of the Vulnerable Software and Affected Versions Red Hat JBoss Enterprise Application Platform (EAP) versions prior to 6.1.0 Red Hat JBoss Portal versions prior to 6.1.0

Description The issue allows local users to control certain applications' authorization decisions via a crafted application. This occurs because the implementation of a custom authorization module for a new application is not loaded when an implementation is already loaded and the modules share class names.

Recommendations For Red Hat JBoss Enterprise Application Platform (EAP) versions prior to 6.1.0, update to version 6.1.0 or later. For Red Hat JBoss Portal versions prior to 6.1.0, update to version 6.1.0 or later.