CVE•Published 2013-01-05•Modified 2026-05-14•0 articles on news•5 live references•NVD data

CVE-2012-4550Redhat · Jboss_enterprise_application_platform

Vulnerability data via NVD (ingested)

CVSS v3.1

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS percentile

Exploit Prediction Scoring System · top 49% of all CVEs

Weaknesses (CWE)

CWE-280Improper Handling of Insufficient Permissions or Privileges CWE-264

Description

A flaw was found in JBoss Enterprise Application Platform. When role-based authorization is used for Enterprise Java Beans (EJB) access, the system does not correctly call the necessary authorization modules. This prevents Java Authorization Contract for Containers (JACC) permissions from being applied, allowing remote attackers to gain unauthorized access to EJBs.

Timeline

Published 2013-01-05

Modified 2026-05-14

External references

NVD MITRE Exploit-DB Sploitus VulnCheck

Search for exposed instances

Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).

Shodan · vuln tag0 hosts

vuln:CVE-2012-4550

Hosts Shodan has explicitly fingerprinted as vulnerable.

Shodan · product + version

product:"Redhat Jboss Enterprise Application Platform" version:"6.0.0"

Version-pinned fingerprint from NVD's first vulnerable CPE.

Shodan · banner/body mention

http.html:"Jboss Enterprise Application Platform"

HTTP body or banner mentions "Jboss Enterprise Application Platform" — catches deploys Shodan didn't identify as a product.

More intel sources (5)

Shodan report

vuln:CVE-2012-4550