CVSS2 base score: 6.4 Medium

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | NONE |

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

EPSS: 0.003 Low (percentile 70.7%)

JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) before
6.0.1, when using role-based authorization for Enterprise Java Beans (EJB)
access, does not call the intended authorization modules, which prevents
JACC permissions from being applied and allows remote attackers to obtain
access to the EJB.

Author | Note |
---|---|
ebarretto | only builds a few libraries, not the full application server |