-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jboss:jboss-ejb-client | maven | <= 4.0.38 | 4.0.39 |
Miggo AIRoot Cause AnalysisThe vulnerability stems from privileged actions being publicly accessible without proper authorization. The patch added SecurityManager checks and EJBPermission validation to methods handling system properties and context access. Key functions identified are those that previously used AccessController.doPrivileged without security checks, as evidenced by the security-focused modifications in the patch. These functions would appear in runtime profiles when accessing sensitive system properties or client context information.
JavaJavaOngoing coverage of React2Shell