Jboss EAP Permissions Privileges and Access Controls Vulnerability - CVE-2012-5478 - Vulnerability Database

Jboss EAP Permissions Privileges and Access Controls Vulnerability - CVE-2012-5478

Medium

Reference: CVE-2012-5478

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2012-5478

Title: Jboss EAP Permissions Privileges and Access Controls Vulnerability

Overview:

The AuthorizationInterceptor in JBoss Enterprise Application Platform (EAP) before 5.2.0 Web Platform (EWP) before 5.2.0 BRMS Platform before 5.3.1 and SOA Platform before 5.3.1 does not properly restrict access which allows remote authenticated users to bypass intended role restrictions and perform arbitrary JMX operations via unspecified vectors.