In Red Hat JBoss Enterprise Application Platform, when running under a security manager, it was possible for deployed code to get access to the Modular Service Container (MSC) service registry without any permission checks. This could allow malicious deployments to modify the internal state of the server in various ways.
Find out more about CVE-2014-0018 from the MITRE CVE dictionary and NIST NVD.

Base Score | 1.9 |
---|---|
Base Metrics | AV:L/AC:M/Au:N/C:N/I:P/A:N |
Access Vector | Local |
Access Complexity | Medium |
Authentication | None |
Confidentiality Impact | None |
Integrity Impact | Partial |
Availability Impact | None |

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Platform | Errata | Release Date |
---|---|---|
Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server (jboss-as-server) | RHSA-2014:0171 | 2014-02-13 |
Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server (jboss-as-server) | RHSA-2014:0170 | 2014-02-13 |

Platform | Package | State |
---|---|---|
Red Hat JBoss Portal Platform 6 | jboss-as-server | Will not fix |
Red Hat JBoss Operations Network 3 | jboss-as-server | Not affected |
Red Hat JBoss Fuse Service Works 6 | jboss-as-server | Will not fix |
Red Hat JBoss EAP 5 | jboss-as-server | Not affected |
Red Hat JBoss Data Virtualization 6 | jboss-as-server | Not affected |
Red Hat JBoss Data Grid 6 | jboss-as-server | Not affected |
Red Hat JBoss BRMS 6 | jboss-as-server | Will not fix |
Red Hat JBoss BPMS 6 | jboss-as-server | Will not fix |