Vulnerability Description
JBoss Enterprise Service Bus (ESB) before 4.7 CP02 in JBoss Enterprise SOA Platform before 5.0.2 does not properly consider the security domain with which a service is secured, which might allow remote attackers to gain privileges by executing a service.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | JBoss Enterprise Service Bus | <= 4.7 |
| Red Hat | JBoss Enterprise SOA Platform | 4.2.0 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/40568 (Vendor Advisory)
- http://secunia.com/advisories/40681 (Vendor Advisory)
- http://www.redhat.com/docs/en-US/JBoss_SOA_Platform/5.0.2/html/5.0.2_Release_Not
- https://bugzilla.redhat.com/show_bug.cgi?id=609442
- https://jira.jboss.org/browse/JBESB-3345
FAQ
What is CVE-2010-2474?
CVE-2010-2474 is a vulnerability with a CVSS score of 3.5 (LOW). JBoss Enterprise Service Bus (ESB) before 4.7 CP02 in JBoss Enterprise SOA Platform before 5.0.2 does not properly consider the security domain with which a service is secured, which might allow remot...
How severe is CVE-2010-2474?
CVE-2010-2474 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-2474?
Check the references section above for vendor advisories and patch information. Affected products include: Red Hat JBoss Enterprise Service Bus, Red Hat JBoss Enterprise SOA Platform.