Incorrect Privilege Assignment

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

CVEs (881)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2012-4549 1Redhat 1Jboss Enterprise Application Platform May 14, 2026 Jan 5, 2013 N/A· v4 6.5 MEDIUM· v3 5.8 MEDIUM· v2 A flaw was found in JBoss Enterprise Application Platform. The `processInvocation` function within the `org.jboss.as.ejb3.security.AuthorizationInterceptor` component incorrectly authorizes all requests when no roles are...Show more A flaw was found in JBoss Enterprise Application Platform. The `processInvocation` function within the `org.jboss.as.ejb3.security.AuthorizationInterceptor` component incorrectly authorizes all requests when no roles are defined for an Enterprise Java Beans (EJB) method invocation. This allows attackers to bypass intended access restrictions for EJB methods, leading to unauthorized access to sensitive functionalities.Show less

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2012-4549

1Redhat

1Jboss Enterprise Application Platform

May 14, 2026

Jan 5, 2013

N/A· v4

6.5 MEDIUM· v3

5.8 MEDIUM· v2

A flaw was found in JBoss Enterprise Application Platform. The `processInvocation` function within the `org.jboss.as.ejb3.security.AuthorizationInterceptor` component incorrectly authorizes all requests when no roles are defined for an Enterprise Java Beans (EJB) method invocation. This allows attackers to bypass intended access restrictions for EJB methods, leading to unauthorized access to sensitive functionalities.Show less

Previous 1...41 42 43 4445