CVE-2010-2474

Current Description

JBoss Enterprise Service Bus (ESB) before 4.7 CP02 in JBoss Enterprise SOA Platform before 5.0.2 does not properly consider the security domain with which a service is secured, which might allow remote attackers to gain privileges by executing a service.

Basic Data

Published: August 10, 2010
Last Modified: August 10, 2010
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-20
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:M/Au:S/C:P/I:N/A:N
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: SINGLE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Integrity Impact: NONE (I:N in the vector string)
CVSS 2 - Availability Impact: NONE
CVSS 2 - Base Score: 3.5
Severity: LOW
Exploitability Score: 6.8
Impact Score: 2.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • AND (Configuration 1: a vulnerable ESB version running on/with one of the listed SOA Platform versions)
    • OR - Configuration 1
      Cpe Version | Part        | Vendor | Product                      | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version range
      2.3         | Application | Redhat | Jboss Enterprise Service Bus | 4.0     | *      | *       | *        | *          | *         | *         | *     |
      2.3         | Application | Redhat | Jboss Enterprise Service Bus | 4.2     | *      | *       | *        | *          | *         | *         | *     |
      2.3         | Application | Redhat | Jboss Enterprise Service Bus | 4.2.1   | *      | *       | *        | *          | *         | *         | *     |
      2.3         | Application | Redhat | Jboss Enterprise Service Bus | 4.3     | *      | *       | *        | *          | *         | *         | *     |
      2.3         | Application | Redhat | Jboss Enterprise Service Bus | 4.4     | *      | *       | *        | *          | *         | *         | *     |
      2.3         | Application | Redhat | Jboss Enterprise Service Bus | 4.5     | *      | *       | *        | *          | *         | *         | *     |
      2.3         | Application | Redhat | Jboss Enterprise Service Bus | 4.6     | *      | *       | *        | *          | *         | *         | *     |
      2.3         | Application | Redhat | Jboss Enterprise Service Bus | *       | *      | *       | *        | *          | *         | *         | *     | upper bound 4.7
    • OR Running on/with:
      Cpe Version | Part        | Vendor | Product                      | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version range
      2.3         | Application | Redhat | Jboss Enterprise Soa Platform | 4.2.0  | *      | *       | *        | *          | *         | *         | *     |
      2.3         | Application | Redhat | Jboss Enterprise Soa Platform | 4.2.0  | CP01   | *       | *        | *          | *         | *         | *     |
      2.3         | Application | Redhat | Jboss Enterprise Soa Platform | 4.2.0  | cp02   | *       | *        | *          | *         | *         | *     |
      2.3         | Application | Redhat | Jboss Enterprise Soa Platform | 4.2.0  | cp03   | *       | *        | *          | *         | *         | *     |
      2.3         | Application | Redhat | Jboss Enterprise Soa Platform | 4.2.0  | cp04   | *       | *        | *          | *         | *         | *     |
      2.3         | Application | Redhat | Jboss Enterprise Soa Platform | 4.2.0  | cp05   | *       | *        | *          | *         | *         | *     |
      2.3         | Application | Redhat | Jboss Enterprise Soa Platform | 4.2.0  | tp02   | *       | *        | *          | *         | *         | *     |
      2.3         | Application | Redhat | Jboss Enterprise Soa Platform | 4.3.0  | *      | *       | *        | *          | *         | *         | *     |
      2.3         | Application | Redhat | Jboss Enterprise Soa Platform | 4.3.0  | CP01   | *       | *        | *          | *         | *         | *     |
      2.3         | Application | Redhat | Jboss Enterprise Soa Platform | 4.3.0  | cp02   | *       | *        | *          | *         | *         | *     |
      2.3         | Application | Redhat | Jboss Enterprise Soa Platform | 4.3.0  | cp03   | *       | *        | *          | *         | *         | *     |
      2.3         | Application | Redhat | Jboss Enterprise Soa Platform | 4.3.0  | cp04   | *       | *        | *          | *         | *         | *     |
      2.3         | Application | Redhat | Jboss Enterprise Soa Platform | 5.0.0  | *      | *       | *        | *          | *         | *         | *     |
      2.3         | Application | Redhat | Jboss Enterprise Soa Platform | 5.0.1  | *      | *       | *        | *          | *         | *         | *     |

Vulnerable Software List

Vendor | Product                       | Versions
Redhat | Jboss Enterprise Service Bus  | *, 4.0, 4.2, 4.2.1, 4.3, 4.4, 4.5, 4.6
Redhat | Jboss Enterprise Soa Platform | 4.2.0, 4.3.0, 5.0.0, 5.0.1

References

Name | Source | URL | Tags
40568 | SECUNIA | http://secunia.com/advisories/40568 | Vendor Advisory
40681 | SECUNIA | http://secunia.com/advisories/40681 | Vendor Advisory
http://www.redhat.com/docs/en-US/JBoss_SOA_Platform/5.0.2/html/5.0.2_Release_Notes/index.html | CONFIRM | http://www.redhat.com/docs/en-US/JBoss_SOA_Platform/5.0.2/html/5.0.2_Release_Notes/index.html |
https://bugzilla.redhat.com/show_bug.cgi?id=609442 | CONFIRM | https://bugzilla.redhat.com/show_bug.cgi?id=609442 |
https://jira.jboss.org/browse/JBESB-3345 | CONFIRM | https://jira.jboss.org/browse/JBESB-3345 |