What is the CVSS score of CVE-2012-0874?

CVE-2012-0874 has a CVSS 2.0 base score of 6.8 (Medium). CVSS vector: AV:N/AC:M/Au:N/C:P/I:P/A:P. EPSS exploitation probability: 51.3%.

Which versions of JBoss Enterprise Application Platform are affected by CVE-2012-0874?

CVE-2012-0874 presents notable security risk, a improper authentication vulnerability rated CVSS 6.8. This could allow unauthorized access to protected resources.

Is there a public PoC exploit available for CVE-2012-0874?

Yes, a public proof-of-concept exploit is available for CVE-2012-0874. Prioritise patching immediately. EPSS: 51.3%.

How to fix or mitigate CVE-2012-0874?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Audit authentication configurations.

JBoss Enterprise Application Platform CVE-2012-0874

MEDIUM

Improper Authentication (CWE-287)

2013-02-05 secalert@redhat.com

RCE Authentication Bypass

6.8

CVSS 2.0 · NVD

Severity by source

NVD PRIMARY

6.8 MEDIUM

AV:N/AC:M/Au:N/C:P/I:P/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:M/Au:N/C:P/I:P/A:P

Attack Vector

Network

Attack Complexity

Confidentiality

Integrity

Availability

Lifecycle Timeline

Analysis Generated

Mar 26, 2026 - 11:18 vuln.today

PoC Detected

Apr 11, 2025 - 00:51 vuln.today

Public exploit code

CVE Published

Feb 05, 2013 - 23:55 nvd

MEDIUM 6.8

DescriptionCVE.org

The (1) JMXInvokerHAServlet and (2) EJBInvokerHAServlet invoker servlets in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 do not require authentication by default in certain profiles, which might allow remote attackers to invoke MBean methods and execute arbitrary code via unspecified vectors. NOTE: this issue can only be exploited when the interceptor is not properly configured with a "second layer of authentication," or when used in conjunction with other vulnerabilities that bypass this second layer.

AnalysisAI

Technical ContextAI

An authentication bypass vulnerability allows attackers to circumvent login mechanisms and gain unauthorized access without valid credentials. This vulnerability is classified as Improper Authentication (CWE-287).

RemediationAI

Implement robust authentication mechanisms. Use multi-factor authentication. Review authentication logic for bypass conditions. Remove default credentials.

CVE-2012-0874 vulnerability details – vuln.today

Back