CVE-2012-5478 Information
Description
The AuthorizationInterceptor in JBoss Enterprise Application Platform (EAP) before 5.2.0 Web Platform (EWP) before 5.2.0 BRMS Platform before 5.3.1 and SOA Platform before 5.3.1 does not properly restrict access which allows remote authenticated users to bypass intended role restrictions and perform arbitrary JMX operations via unspecified vectors.
Reference
http://rhn.redhat.com/errata/RHSA-2013-0191.html http://rhn.redhat.com/errata/RHSA-2013-0192.html http://rhn.redhat.com/errata/RHSA-2013-0193.html http://rhn.redhat.com/errata/RHSA-2013-0194.html http://rhn.redhat.com/errata/RHSA-2013-0195.html http://rhn.redhat.com/errata/RHSA-2013-0196.html http://rhn.redhat.com/errata/RHSA-2013-0197.html http://rhn.redhat.com/errata/RHSA-2013-0198.html http://rhn.redhat.com/errata/RHSA-2013-0221.html http://rhn.redhat.com/errata/RHSA-2013-0533.html http://secunia.com/advisories/51984 http://secunia.com/advisories/52054 http://securitytracker.com/id?1028042 http://www.osvdb.org/89580 https://exchange.xforce.ibmcloud.com/vulnerabilities/81514
Share on: