CVE-2012-5626

EPSS 0.9%

Vexday Risk Score

3Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS —EPSS 0.9%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

23 Jan 2020Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss Operations Network 3.1; Red Hat JBoss Portal 4 and 5; Red Hat JBoss SOA Platform 4.2, 4.3, and 5; in Red Hat JBoss Enterprise Web Server 1 ignores roles specified using the @RunAs annotation.

Affected products

Red Hat · JBoss BRMS Red Hat · JBoss Enterprise Application Platform Red Hat · JBoss Enterprise Web Server Red Hat · JBoss Operations Network Red Hat · JBoss Portal Red Hat · JBoss SOA Platform

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://access.redhat.com/security/cve/cve-2012-5626 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5626