CVE-2012-4550 MEDIUM

CVE-2012-4550: JBoss Enterprise Application Platform (JBoss EAP): unauthorized EJB access via authorization module bypass

Vendor Red Hat
Product Red Hat JBoss Enterprise Application Platform 6.0
Weakness CWE-280
Published January 5, 2013
Last update May 14, 2026

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01 Description

A flaw was found in JBoss Enterprise Application Platform. When role-based authorization is used for Enterprise JavaBeans (EJB) access, the system does not correctly call the necessary authorization modules. This prevents Java Authorization Contract for Containers (JACC) permissions from being applied, allowing remote attackers to gain unauthorized access to EJBs.

Key dates

02 Disclosure timeline

January 5, 2013 CVE published
May 14, 2026 Record updated