Published: 13/02/2015 Updated: 08/09/2017

CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8

VMScore: 312

Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Subscribe to Jboss Enterprise Application Platform

The org.jboss.security.plugins.mapping.JBossMappingManager implementation in JBoss Security in Red Hat JBoss Enterprise Application Platform (EAP) prior to 6.3.3 uses the default security domain when a security domain is undefined, which allows remote authenticated users to bypass intended access restrictions by leveraging credentials on the default domain for a role that is also on the application domain.

Vulnerable Product	Search on Vulmon	Subscribe to Product
redhat jboss enterprise application platform

Synopsis Moderate: Red Hat JBoss Enterprise Application Platform 633 update Type/Severity Security Advisory: Moderate Topic Updated packages that provide Red Hat JBoss Enterprise Application Platform633 and fix multiple security issues, several bugs, and add variousenhancements are now available for Red ...

CWE-264 http://www.securitytracker.com/id/1031741 http://rhn.redhat.com/errata/RHSA-2015-0217.html http://rhn.redhat.com/errata/RHSA-2015-0216.html http://rhn.redhat.com/errata/RHSA-2015-0218.html http://rhn.redhat.com/errata/RHSA-2015-0215.html http://rhn.redhat.com/errata/RHSA-2015-0851.html http://rhn.redhat.com/errata/RHSA-2015-0850.html https://exchange.xforce.ibmcloud.com/vulnerabilities/100889 https://access.redhat.com/errata/RHSA-2015:0217 https://nvd.nist.gov

CVE-2014-7827

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect