CVE-2012-4572
Advisory lineage Upstream: 0 Downstream: 2
Modified
Published: 28 Oct 2013, 21:00
Last modified: 06 Aug 2024, 20:42
Vulnerability Summary
- Overall Risk (default): low, 15/100
- CVSS Score: 3.7 LOW, v2.0 (nvd)
- EPSS Score: 0.15% LOW (0% probability +0.09%)
- KEV: Not listed
- Ransomware: No reports
- Public exploits: None found
- Dark Web: Not detected
Timeline
- 28 Oct 2013, 21:00: Published. Vulnerability first disclosed.
- 06 Aug 2024, 20:42: Last Modified. Vulnerability information updated.
Description
Red Hat JBoss Enterprise Application Platform (EAP) before 6.1.0 and JBoss Portal before 6.1.0 do not load the implementation of a custom authorization module for a new application when an implementation is already loaded and the modules share class names, which allows local users to control certain applications' authorization decisions via a crafted application.
CVSS Metrics
- v2.0 • LOW • Score: 3.7 • AV:L/AC:H/Au:N/C:P/I:P/A:P
EPSS Trends
Current EPSS score: 0.15% • Percentile: 36%
Techniques & Countermeasures
- CWE-264•Permissions, Privileges, and Access Controls
Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.
Affected Systems
- redhat•jboss_enterprise_application_platform
≤ 6.0.1 | 4.2.0 | 4.3.0 | 5.0.0 | 5.0.1 | 5.1.0 | 5.1.1 | 5.1.2 | 5.2.0 | 5.2.1 | 5.2.2 | 6.0.0
- redhat•jboss_enterprise_portal_platform
≤ 6.0.0 | 4.3.0 | 5.0.0 | 5.0.1 | 5.1.0 | 5.1.1 | 5.2.0 | 5.2.1 | 5.2.2