{"api_version":"1","generated_at":"2026-04-22T23:20:08+00:00","cve":"CVE-2012-5478","urls":{"html":"https://cve.report/CVE-2012-5478","api":"https://cve.report/api/cve/CVE-2012-5478.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2012-5478","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2012-5478"},"summary":{"title":"CVE-2012-5478","description":"The AuthorizationInterceptor in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 does not properly restrict access, which allows remote authenticated users to bypass intended role restrictions and perform arbitrary JMX operations via unspecified vectors.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2013-02-05 23:55:00","updated_at":"2017-08-29 01:32:00"},"problem_types":["CWE-264"],"metrics":[],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2013-0533.html","name":"RHSA-2013:0533","refsource":"REDHAT","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://www.osvdb.org/89580","name":"89580","refsource":"OSVDB","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://securitytracker.com/id?1028042","name":"1028042","refsource":"SECTRACK","tags":[],"title":"JBoss Multiple Bugs Let Remote Users Execute Arbitrary Code, Hijack User Sessions or Credentials, and Gain Elevated Privileges - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-0194.html","name":"RHSA-2013:0194","refsource":"REDHAT","tags":["Vendor Advisory"],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-0193.html","name":"RHSA-2013:0193","refsource":"REDHAT","tags":["Vendor Advisory"],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-0198.html","name":"RHSA-2013:0198","refsource":"REDHAT","tags":["Vendor Advisory"],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-0196.html","name":"RHSA-2013:0196","refsource":"REDHAT","tags":["Vendor Advisory"],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-0191.html","name":"RHSA-2013:0191","refsource":"REDHAT","tags":["Vendor Advisory"],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-0192.html","name":"RHSA-2013:0192","refsource":"REDHAT","tags":["Vendor Advisory"],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-0221.html","name":"RHSA-2013:0221","refsource":"REDHAT","tags":["Vendor Advisory"],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-0195.html","name":"RHSA-2013:0195","refsource":"REDHAT","tags":["Vendor Advisory"],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://secunia.com/advisories/51984","name":"51984","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Security Advisory SA51984 - Red Hat update for JBoss Enterprise Application Platform and JBoss Enterprise Web Platform - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/52054","name":"52054","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Security Advisory SA52054 - Red Hat update for JBoss Enterprise BRMS Platform - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-0197.html","name":"RHSA-2013:0197","refsource":"REDHAT","tags":["Vendor Advisory"],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/81514","name":"jboss-eap-jmx-sec-bypass(81514)","refsource":"XF","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2012-5478","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-5478","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2012","cve_id":"5478","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_enterprise_application_platform","cpe6":"5.2.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"5478","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_enterprise_application_platform","cpe6":"5.2.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"5478","vulnerable":"1","versionEndIncluding":"5.3.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_enterprise_brms_platform","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"5478","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_enterprise_web_platform","cpe6":"5.2.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"5478","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_enterprise_web_platform","cpe6":"5.2.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2012-5478","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"The AuthorizationInterceptor in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 does not properly restrict access, which allows remote authenticated users to bypass intended role restrictions and perform arbitrary JMX operations via unspecified vectors."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_affected":"=","version_value":"n/a"}]}}]}}]}},"references":{"reference_data":[{"url":"http://rhn.redhat.com/errata/RHSA-2013-0191.html","refsource":"MISC","name":"http://rhn.redhat.com/errata/RHSA-2013-0191.html"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-0192.html","refsource":"MISC","name":"http://rhn.redhat.com/errata/RHSA-2013-0192.html"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-0193.html","refsource":"MISC","name":"http://rhn.redhat.com/errata/RHSA-2013-0193.html"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-0194.html","refsource":"MISC","name":"http://rhn.redhat.com/errata/RHSA-2013-0194.html"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-0195.html","refsource":"MISC","name":"http://rhn.redhat.com/errata/RHSA-2013-0195.html"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-0196.html","refsource":"MISC","name":"http://rhn.redhat.com/errata/RHSA-2013-0196.html"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-0197.html","refsource":"MISC","name":"http://rhn.redhat.com/errata/RHSA-2013-0197.html"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-0198.html","refsource":"MISC","name":"http://rhn.redhat.com/errata/RHSA-2013-0198.html"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-0221.html","refsource":"MISC","name":"http://rhn.redhat.com/errata/RHSA-2013-0221.html"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-0533.html","refsource":"MISC","name":"http://rhn.redhat.com/errata/RHSA-2013-0533.html"},{"url":"http://secunia.com/advisories/51984","refsource":"MISC","name":"http://secunia.com/advisories/51984"},{"url":"http://secunia.com/advisories/52054","refsource":"MISC","name":"http://secunia.com/advisories/52054"},{"url":"http://securitytracker.com/id?1028042","refsource":"MISC","name":"http://securitytracker.com/id?1028042"},{"url":"http://www.osvdb.org/89580","refsource":"MISC","name":"http://www.osvdb.org/89580"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/81514","refsource":"MISC","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/81514"}]}},"nvd":{"publishedDate":"2013-02-05 23:55:00","lastModifiedDate":"2017-08-29 01:32:00","problem_types":["CWE-264"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:P/I:P/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":4.9},"severity":"MEDIUM","exploitabilityScore":6.8,"impactScore":4.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.2.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.2.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:jboss_enterprise_brms_platform:*:*:*:*:*:*:*:*","versionEndIncluding":"5.3.0","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2012","CveId":"5478","Ordinal":"58504","Title":"CVE-2012-5478","CVE":"CVE-2012-5478","Year":"2012"},"notes":[{"CveYear":"2012","CveId":"5478","Ordinal":"1","NoteData":"The AuthorizationInterceptor in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 does not properly restrict access, which allows remote authenticated users to bypass intended role restrictions and perform arbitrary JMX operations via unspecified vectors.","Type":"Description","Title":null},{"CveYear":"2012","CveId":"5478","Ordinal":"2","NoteData":"2013-02-05","Type":"Other","Title":"Published"},{"CveYear":"2012","CveId":"5478","Ordinal":"3","NoteData":"2017-08-28","Type":"Other","Title":"Modified"}]}}}