Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-5478)

Description

The AuthorizationInterceptor in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 does not properly restrict access, which allows remote authenticated users to bypass intended role restrictions and perform arbitrary JMX operations via unspecified vectors.

Remediation

References

Related Vulnerabilities

SharePoint Deserialization of Untrusted Data Vulnerability (CVE-2025-30378)

WordPress Plugin Gallery-Flagallery Photo Portfolio 'skin' Parameter Cross-Site Scripting (1.72)

ownCloud Improper Input Validation Vulnerability (CVE-2012-5610)

WordPress Plugin NextGEN Gallery-WordPress Gallery Arbitrary File Upload (1.9.12)

Squid Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-10002)

Severity

Medium

Classification

CVE-2012-5478 CWE-264

Tags

Missing Update Known Vulnerabilities