Lucene search

[email protected]CVE-2014-3472

HistoryAug 19, 2014 - 6:55 p.m.

CVE-2014-3472

2014-08-1918:55:01

CWE-264

[email protected]

web.nvd.nist.gov

security

jboss

access restrictions

cve-2014-3472

nvd

4.9 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:P/A:N

8.6 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

58.7%

JSON

The isCallerInRole function in SimpleSecurityManager in JBoss Application Server (AS) 7, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.3.0, does not properly check caller roles, which allows remote authenticated users to bypass access restrictions via unspecified vectors.

Affected configurations

NVD

Node

redhatjboss_enterprise_application_platformMatch6.3.0

CPENameOperatorVersion
redhat:jboss_enterprise_application_platformredhat jboss enterprise application platformeq6.3.0

CPE	Name	Operator	Version
redhat:jboss_enterprise_application_platform	redhat jboss enterprise application platform	eq	6.3.0

References

rhn.redhat.com/errata/RHSA-2014-1019.html

rhn.redhat.com/errata/RHSA-2014-1020.html

rhn.redhat.com/errata/RHSA-2014-1021.html

rhn.redhat.com/errata/RHSA-2015-0720.html

www.securityfocus.com/bid/69094

bugzilla.redhat.com/show_bug.cgi?id=1103815

exchange.xforce.ibmcloud.com/vulnerabilities/95170

4.9 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:P/A:N

8.6 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

58.7%

JSON

Related for CVE-2014-3472

veracode1 cvelist1 nvd1 prion1 redhat6 nessus2