Home

CVE-2013-2133

Description

The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) before 6.2.0, does not properly enforce the method level restrictions for JAX-WS Service endpoints, which allows remote authenticated users to access otherwise restricted JAX-WS handlers by leveraging permissions to the EJB class.

Risk Information

Base Score
5.4
MODERATE
Vector
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
EPSS Score
Exploitation Probability
0.326

Associated Vulnerability

VulnerabilityOS Platform
Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 5.0.0Windows
Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 4.3.0Windows
Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 5.1.0Windows
Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 4.2.0Windows
Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 5.1.1Windows
Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 5.0.1Windows
Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 5.1.2Windows
Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 5.2.0Windows
Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 5.2.1Windows
Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 6.0.0Windows
Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 5.2.2Windows
Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 6.0.1Windows
Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 6.1.0Windows

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234