CVE-2012-4550

{"id": "CVE-2012-4550", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2013-01-05T00:55:02.993", "references": [{"url": "http://rhn.redhat.com/errata/RHSA-2012-1591.html", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2012-1592.html", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2012-1594.html", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/51607", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2012:1591", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2012:1592", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2012:1594", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/security/cve/CVE-2012-4550", "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2012-1591.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://rhn.redhat.com/errata/RHSA-2012-1592.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://rhn.redhat.com/errata/RHSA-2012-1594.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/51607", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-280"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in JBoss Enterprise Application Platform. When role-based authorization is used for Enterprise Java Beans (EJB) access, the system does not correctly call the necessary authorization modules. This prevents Java Authorization Contract for Containers (JACC) permissions from being applied, allowing remote attackers to gain unauthorized access to EJBs."}, {"lang": "es", "value": "JBoss Enterprise Application Platform (tamb\u00eden conocido como JBoss EAP o JBEAP) anteriores a \r\nv6.0.1, cuando se usa una autorizaci\u00f3n basada en roles para acceder a Enterprise Java Beans (EJB), no llama a los m\u00f3dulos de autorizaci\u00f3n de forma adecuada, lo que evita que se puedan usar los permisos JACC de ser aplicados y permiten a atacantes remotos obtener acceso a EJB."}], "lastModified": "2026-05-14T23:16:34.130", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B142ACCC-F7A9-4A3B-BE60-0D6691D5058D"}], "operator": "OR"}]}], "evaluatorImpact": "Per https://bugzilla.redhat.com/show_bug.cgi?id=870871#c7\r\n\"This issue did not affect JBoss Enterprise Application Platform versions 4.x and 5.x.\"", "sourceIdentifier": "secalert@redhat.com"}