CWE-9

J2EE Misconfiguration: Weak Access Permissions for EJB Methods

AI Translation Available

If elevated access rights are assigned to EJB methods, then an attacker can take advantage of the permissions to exploit the product.

Status

draft

Abstraction

variant

Affected Platforms

Java

Extended Description

AI Translation

If the EJB deployment descriptor contains one or more method permissions that grant access to the special ANYONE role, it indicates that access control for the application has not been fully thought through or that the application is structured in such a way that reasonable access control restrictions are impossible.

Technical Details

AI Translation

Common Consequences

other

Impacts

other

Potential Mitigations

Phases:

architecture and design system configuration

Descriptions:

• Follow the principle of least privilege when assigning access rights to EJB methods. Permission to invoke EJB methods should not be granted to the ANYONE role.

AI Generated Translation

Common Consequences

altro

Impacts

altro

Potential Mitigations

Phases:

architettura e design configurazione sistema

Descriptions:

• Segui il principio del minimo privilegio quando assegni i diritti di accesso ai metodi EJB. L'autorizzazione all'invocazione dei metodi EJB non dovrebbe essere concessa al ruolo ANYONE.

CWE-9

Common Consequences

Impacts

Potential Mitigations

Common Consequences

Impacts

Potential Mitigations

Iscriviti alla newsletter