CVE-2012-5626 | Vulnerability Database | Aqua Security

EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss Operations Network 3.1; Red Hat JBoss Portal 4 and 5; Red Hat JBoss SOA Platform 4.2, 4.3, and 5; in Red Hat JBoss Enterprise Web Server 1 ignores roles specified using the @RunAs annotation.

Affected Software

Name	Vendor	Start Version	End Version
Jboss_brms	Redhat	5 (including)	5 (including)
Jboss_enterprise_application_platform	Redhat	5.0.0 (including)	5.0.0 (including)
Jboss_enterprise_web_server	Redhat	1.0.0 (including)	1.0.0 (including)
Jboss_operations_network	Redhat	3.1 (including)	3.1 (including)
Jboss_portal	Redhat	4.0.0 (including)	4.0.0 (including)
Jboss_portal	Redhat	5.0.0 (including)	5.0.0 (including)
Jboss_soa_platform	Redhat	4.2 (including)	4.2 (including)
Jboss_soa_platform	Redhat	4.3 (including)	4.3 (including)
Jboss_soa_platform	Redhat	5 (including)	5 (including)

References

https://access.redhat.com/security/cve/cve-2012-5626
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5626

NVD	https://nvd.nist.gov/vuln/detail/CVE-2012-5626
CWE	https://cwe.mitre.org/data/definitions/.html