PT-2020-7262 · Red Hat · Red Hat Jboss Brms+5
Published: 2020-01-23 · Updated: 2020-02-05 · CVE-2012-5626
CVSS v2.0: 5.0 (Medium)
| Vector | AV:N/AC:L/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions:
Red Hat JBoss BRMS version 5
Red Hat JBoss Enterprise Application Platform version 5
Red Hat JBoss Operations Network version 3.1
Red Hat JBoss Portal versions 4 and 5
Red Hat JBoss SOA Platform versions 4.2, 4.3, and 5
Red Hat JBoss Enterprise Web Server version 1
Description:
The issue concerns an EJB method that ignores the roles specified with the @RunAs annotation, so the role a bean is declared to run as is not enforced; this can lead to unauthorized access.
Recommendations:
For Red Hat JBoss BRMS version 5, update the EJB method to properly handle roles specified using the
@RunAs annotation.
For Red Hat JBoss Enterprise Application Platform version 5, modify the application to enforce role-based access control.
For Red Hat JBoss Operations Network version 3.1, restrict access to sensitive resources until the issue is resolved.
For Red Hat JBoss Portal versions 4 and 5, apply additional security measures to prevent unauthorized access.
For Red Hat JBoss SOA Platform versions 4.2, 4.3, and 5, reconfigure the platform to correctly implement role-based access control.
For Red Hat JBoss Enterprise Web Server version 1, consider disabling the vulnerable EJB method until a proper fix is available.
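To make the mechanism concrete, the following is an added illustration and not code from the advisory or from Red Hat: two EJB 3 session beans written against the javax.annotation.security API (assumed to match the JBoss 5-era container), showing what @RunAs is supposed to do and giving a deployable check that the container honours it. The bean names (AuditReportBean, NightlyJobBean), the role names ("operator", "auditor") and the methods are invented for the example.

```java
// Added illustration (not part of the advisory). Two files are shown in one
// listing; each public bean class goes in its own .java file when deployed.
import javax.annotation.Resource;
import javax.annotation.security.RolesAllowed;
import javax.annotation.security.RunAs;
import javax.ejb.EJB;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;

// File: AuditReportBean.java
// Only callers that hold the "auditor" role may invoke this bean.
@Stateless
@RolesAllowed("auditor")
public class AuditReportBean {

    @Resource
    private SessionContext ctx;

    public String generate() {
        // When the container honours @RunAs on the calling bean, the identity
        // seen here is the run-as identity, so isCallerInRole("auditor") is
        // true even though the original user only held "operator".
        boolean auditor = ctx.isCallerInRole("auditor");
        return "caller=" + ctx.getCallerPrincipal().getName()
             + " auditor=" + auditor;
    }
}

// File: NightlyJobBean.java
// Callable by ordinary operators, but its downstream EJB calls are declared
// to execute with the "auditor" role.
@Stateless
@RolesAllowed("operator")
@RunAs("auditor")
public class NightlyJobBean {

    @EJB
    private AuditReportBean report;

    public String run() {
        // Expected behaviour: the container switches to the declared run-as
        // role for the nested call, so AuditReportBean.generate() is
        // authorised and reports auditor=true.
        //
        // Defect the advisory describes: the @RunAs roles are ignored, so the
        // role boundary the annotation expresses is not what the container
        // enforces on the nested call. That mismatch between declared and
        // enforced identity is the unauthorized-access risk named above.
        return report.generate();
    }
}
```

As a check on a deployed container, invoke NightlyJobBean.run() as a user that holds only the "operator" role. A container that enforces @RunAs returns a string ending in auditor=true; an exception on the nested call, or auditor=false, means the declared run-as role is not being applied and the affected versions listed above should be patched before the bean is relied on for role separation.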
Affected Products
Red Hat Jboss Brms
Red Hat Jboss Enterprise Application Platform
Red Hat Jboss Enterprise Web Server
Red Hat Jboss Operations Network
Red Hat Jboss Portal
Red Hat Jboss Soa Platform