CVE-2014-0018

2014-02-1415:55:05

CWE-264

[email protected]

web.nvd.nist.gov

cve-2014-0018

red hat

jboss

eap

wildfly

security

privilege escalation

1.9 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:M/Au:N/C:N/I:P/A:N

8.4 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.0 and JBoss WildFly Application Server, when run under a security manager, do not properly restrict access to the Modular Service Container (MSC) service registry, which allows local users to modify the server via a crafted deployment.

Affected configurations

NVD

Node

redhatjboss_enterprise_application_platformMatch6.2.0

redhatjboss_wildfly_application_serverMatch-

CPENameOperatorVersion
redhat:jboss_enterprise_application_platformredhat jboss enterprise application platformeq6.2.0
redhat:jboss_wildfly_application_serverredhat jboss wildfly application servereq-

CPE	Name	Operator	Version
redhat:jboss_enterprise_application_platform	redhat jboss enterprise application platform	eq	6.2.0
redhat:jboss_wildfly_application_server	redhat jboss wildfly application server	eq	-