CVE-2012-4550
First published: Sat Jan 05 2013(Updated: )
JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) before 6.0.1, when using role-based authorization for Enterprise Java Beans (EJB) access, does not call the intended authorization modules, which prevents JACC permissions from being applied and allows remote attackers to obtain access to the EJB.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| JBoss Enterprise Application Platform | =6.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2012-4550?
CVE-2012-4550 is classified as a high severity vulnerability due to its potential for unauthorized remote access.
How do I fix CVE-2012-4550?
To fix CVE-2012-4550, upgrade your JBoss Enterprise Application Platform to version 6.0.1 or later.
What systems are affected by CVE-2012-4550?
CVE-2012-4550 affects JBoss Enterprise Application Platform version 6.0.0 prior to updates.
What type of attacks can CVE-2012-4550 enable?
CVE-2012-4550 could potentially allow remote attackers to bypass authorization mechanisms and gain unauthorized access.
Is there a workaround for CVE-2012-4550?
There is no known workaround for CVE-2012-4550 other than updating to a patched version.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/redhat
- canonical/jboss enterprise application platform
- version/jboss enterprise application platform/6.0.0