CVE-2012-4572

JBoss: custom authorization module implementations shared between applications

  • Severity Score (CVSS v2): 3.7
  • Exploit Likelihood (EPSS):
  • Affected Versions (CPE):
  • Public Exploits (Multiple Sources): 0
  • Exploited in Wild (KEV): -
  • Decision (SSVC): -

Descriptions

Red Hat JBoss Enterprise Application Platform (EAP) before 6.1.0 and JBoss Portal before 6.1.0 does not load the implementation of a custom authorization module for a new application when an implementation is already loaded and the modules share class names, which allows local users to control certain applications' authorization decisions via a crafted application.

Red Hat JBoss Enterprise Application Platform (EAP) before 6.1.0 and JBoss Portal before 6.1.0 do not load the implementation of a custom authorization module for a new application when an application is already loaded and the modules share class names, which allows local users to control the authorization decisions of certain applications via a crafted application.

*Credits: N/A
CVSS Scores
  • Attack Vector: Local
  • Attack Complexity: High
  • Authentication: None
  • Confidentiality: Partial
  • Integrity: Partial
  • Availability: Partial
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2012-08-21 CVE Reserved
  • 2013-05-20 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-264: Permissions, Privileges, and Access Controls
CAPEC
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
Redhat | Jboss Enterprise Application Platform | <= 6.0.1 | - | Affected
Redhat | Jboss Enterprise Application Platform | 4.2.0 | - | Affected
Redhat | Jboss Enterprise Application Platform | 4.3.0 | - | Affected
Redhat | Jboss Enterprise Application Platform | 5.0.0 | - | Affected
Redhat | Jboss Enterprise Application Platform | 5.0.1 | - | Affected
Redhat | Jboss Enterprise Application Platform | 5.1.0 | - | Affected
Redhat | Jboss Enterprise Application Platform | 5.1.1 | - | Affected
Redhat | Jboss Enterprise Application Platform | 5.1.2 | - | Affected
Redhat | Jboss Enterprise Application Platform | 5.2.0 | - | Affected
Redhat | Jboss Enterprise Application Platform | 5.2.1 | - | Affected
Redhat | Jboss Enterprise Application Platform | 5.2.2 | - | Affected
Redhat | Jboss Enterprise Application Platform | 6.0.0 | - | Affected
Redhat | Jboss Enterprise Portal Platform | <= 6.0.0 | - | Affected
Redhat | Jboss Enterprise Portal Platform | 4.3.0 | - | Affected
Redhat | Jboss Enterprise Portal Platform | 5.0.0 | - | Affected
Redhat | Jboss Enterprise Portal Platform | 5.0.1 | - | Affected
Redhat | Jboss Enterprise Portal Platform | 5.1.0 | - | Affected
Redhat | Jboss Enterprise Portal Platform | 5.1.1 | - | Affected
Redhat | Jboss Enterprise Portal Platform | 5.2.0 | - | Affected
Redhat | Jboss Enterprise Portal Platform | 5.2.1 | - | Affected
Redhat | Jboss Enterprise Portal Platform | 5.2.2 | - | Affected