CVE-2012-5478
First published: Tue Feb 05 2013(Updated: )
The AuthorizationInterceptor in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 does not properly restrict access, which allows remote authenticated users to bypass intended role restrictions and perform arbitrary JMX operations via unspecified vectors.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| JBoss Enterprise Application Platform | =5.2.0 | |
| Red Hat JBoss Enterprise Web Platform | =5.2.0 | |
| Red Hat JBoss Enterprise BRMS Platform | <=5.3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://rhn.redhat.com/errata/RHSA-2013-0191.html
- http://rhn.redhat.com/errata/RHSA-2013-0192.html
- http://rhn.redhat.com/errata/RHSA-2013-0193.html
- http://rhn.redhat.com/errata/RHSA-2013-0194.html
- http://rhn.redhat.com/errata/RHSA-2013-0195.html
- http://rhn.redhat.com/errata/RHSA-2013-0196.html
- http://rhn.redhat.com/errata/RHSA-2013-0197.html
- http://rhn.redhat.com/errata/RHSA-2013-0198.html
- http://rhn.redhat.com/errata/RHSA-2013-0221.html
- http://rhn.redhat.com/errata/RHSA-2013-0533.html
- http://secunia.com/advisories/51984
- http://secunia.com/advisories/52054
- http://securitytracker.com/id?1028042
- http://www.osvdb.org/89580
- https://exchange.xforce.ibmcloud.com/vulnerabilities/81514
Frequently Asked Questions
What is the severity of CVE-2012-5478?
CVE-2012-5478 is classified as a moderate severity vulnerability due to its potential for unauthorized access.
How do I fix CVE-2012-5478?
To fix CVE-2012-5478, upgrade to JBoss Enterprise Application Platform 5.2.0 or later, or the respective updated versions of the affected platforms.
Who is affected by CVE-2012-5478?
CVE-2012-5478 affects users of JBoss EAP before 5.2.0, Web Platform before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1.
What is the impact of CVE-2012-5478?
The impact of CVE-2012-5478 is that remote authenticated users may bypass intended role restrictions, potentially leading to unauthorized access.
When was CVE-2012-5478 disclosed?
CVE-2012-5478 was disclosed in November 2012 and has since been addressed by subsequent software updates.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/severity
- agent/weakness
- agent/description
- agent/author
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/redhat
- canonical/jboss enterprise application platform
- version/jboss enterprise application platform/5.2.0
- canonical/red hat jboss enterprise web platform
- version/red hat jboss enterprise web platform/5.2.0
- canonical/red hat jboss enterprise brms platform
- version/red hat jboss enterprise brms platform/5.3.0