Skip to main content
CVE-2012-4549 MEDIUM This Month

The processInvocation function in org.jboss.as.ejb3.security.AuthorizationInterceptor in JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) before 6.0.1, authorizes all requests when no. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Java
NVD VulDB
CVSS 3.1
6.5
EPSS
0.3%
CVE-2012-4550 MEDIUM This Month

JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) before 6.0.1, when using role-based authorization for Enterprise Java Beans (EJB) access, does not call the intended authorization. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Java
NVD VulDB
CVSS 3.1
5.3
EPSS
0.3%
CVE-2012-2378 MEDIUM PATCH This Month

Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Privilege Escalation Apache Cxf
NVD
CVSS 2.0
4.3
EPSS
4.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy