JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) before 6.0.1, when using role-based authorization for Enterprise Java Beans (EJB) access, does not call the intended authorization modules, which prevents JACC permissions from being applied and allows remote attackers to obtain access to the EJB.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2013-01-05T00:00:00Z

Updated: 2024-08-06T20:42:54.399Z

Reserved: 2012-08-21T00:00:00Z

Link: CVE-2012-4550

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2013-01-05T00:55:02.993

Modified: 2024-11-21T01:43:07.033

Link: CVE-2012-4550

cve-icon Redhat

Severity : Important

Publid Date: 2012-04-19T00:00:00Z

Links: CVE-2012-4550 - Bugzilla