CVE-2010-2474

Severity: 3.5 LOW
EPSS: 0.3% (top 51.52%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Aug 10
Latest update: May 17

Description

JBoss Enterprise Service Bus (ESB) before 4.7 CP02 in JBoss Enterprise SOA Platform before 5.0.2 does not properly consider the security domain with which a service is secured, which might allow remote attackers to gain privileges by executing a service.

CVSS vector

AV:N/AC:M/C:P/I:N/A:N
Exploitability: 6.8 | Impact: 2.9

Affected Packages: 2 packages

🔴 Vulnerability Details (2)

GHSA: GHSA-gq7m-hr2g-v7j8: JBoss Enterprise Service Bus (ESB) before 4 (2022-05-17)
CVEList: CVE-2010-2474: JBoss Enterprise Service Bus (ESB) before 4 (2010-08-09)

📋 Vendor Advisories (1)

Red Hat: JBoss ESB privilege escalation in cross-domain contexts (2010-06-11)

💬 Community (1)

Bugzilla: CVE-2010-2474 JBoss ESB privilege escalation in cross-domain contexts (2010-06-30)
CVE-2010-2474 (LOW CVSS 3.5) | JBoss Enterprise Service Bus (ESB) | cvebase.io