CVE-2014-7849

Published: 13/02/2015 Updated: 08/09/2017
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
VMScore: 356
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N

Vulnerability Summary

The Role Based Access Control (RBAC) implementation in JBoss Enterprise Application Platform (EAP) 6.2.0 up to and including 6.3.2 does not properly verify authorization conditions, which allows remote authenticated users to add, modify, and undefine otherwise restricted attributes by leveraging the Maintainer role.

Vulnerable Product

redhat jboss enterprise application platform 6.2.4

redhat jboss enterprise application platform 6.3.0

redhat jboss enterprise application platform 6.2.0

redhat jboss enterprise application platform 6.2.1

redhat jboss enterprise application platform 6.2.2

redhat jboss enterprise application platform 6.2.3

redhat jboss enterprise application platform 6.3.1

redhat jboss enterprise application platform 6.3.2

Vendor Advisories

Synopsis: Moderate: Red Hat JBoss Enterprise Application Platform 6.3.3 update. Type/Severity: Security Advisory: Moderate. Topic: Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.3.3 and fix multiple security issues, several bugs, and add various enhancements are now available for Red ...