PT-2013-1800 · Red Hat · Jboss Soa Platform+3

Derek Horton

Published

2013-02-05

Updated

2017-08-29

CVE-2012-5478

CVSS v2.0

4.9

Medium

Vector

AV:N/AC:M/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions JBoss Enterprise Application Platform versions prior to 5.2.0 JBoss Web Platform versions prior to 5.2.0 JBoss BRMS Platform versions prior to 5.3.1 JBoss SOA Platform versions prior to 5.3.1

Description The issue concerns improper access restriction in the AuthorizationInterceptor, allowing remote authenticated users to bypass intended role restrictions. This enables them to perform arbitrary JMX operations, although the specific vectors are not specified.

Recommendations For JBoss Enterprise Application Platform versions prior to 5.2.0, update to version 5.2.0 or later. For JBoss Web Platform versions prior to 5.2.0, update to version 5.2.0 or later. For JBoss BRMS Platform versions prior to 5.3.1, update to version 5.3.1 or later. For JBoss SOA Platform versions prior to 5.3.1, update to version 5.3.1 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2012-5478

RHSA-2013:0191

RHSA-2013:0192

RHSA-2013:0193

RHSA-2013:0195

RHSA-2013:0196

RHSA-2013:0197

Affected Products

Jboss Brms Platform

Red Hat Jboss Enterprise Application Platform

Jboss Soa Platform

Jboss Web Platform

PT-2013-1800 · Red Hat · Jboss Soa Platform+3

CVE-2012-5478

Weakness Enumeration

Related Identifiers

Affected Products

References · 17