Description

EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss Operations Network 3.1; Red Hat JBoss Portal 4 and 5; Red Hat JBoss SOA Platform 4.2, 4.3, and 5; in Red Hat JBoss Enterprise Web Server 1 ignores roles specified using the @RunAs annotation.

Remediation

References

CVE-2012-5626

Related Vulnerabilities

WordPress Plugin WP Job Manager PHP Object Injection (1.29.2)

WordPress Plugin Chained Quiz Multiple Cross-Site Scripting Vulnerabilities (0.9.8)

Ruby Improper Input Validation Vulnerability (CVE-2008-3657)

PHP Improper Input Validation Vulnerability (CVE-2012-0788)

WordPress Plugin Subscribe To Comments Reloaded Cross-Site Scripting (150611)

Severity

High

Classification

CVE-2012-5626 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities