Lucene search
RedhatCVE-2014-3586HistoryApr 21, 2015 - 5:59 p.m.
CVE-2014-3586
2015-04-2117:59:00
CWE-264
redhat
web.nvd.nist.gov
40
cve-2014-3586
red hat
enterprise application platform
wildfly
jboss application server
weak permissions
cli
local users
sensitive information
CVSS2
2.1
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.1
Confidence
High
EPSS
0
Percentile
5.1%
The default configuration for the Command Line Interface in Red Hat Enterprise Application Platform before 6.4.0 and WildFly (formerly JBoss Application Server) uses weak permissions for .jboss-cli-history, which allows local users to obtain sensitive information via unspecified vectors.
Affected configurations
Node
redhatjboss_enterprise_application_platformRange≤6.3.3
| Vendor | Product | Version | CPE |
|---|---|---|---|
| redhat | jboss_enterprise_application_platform | * | cpe:2.3:a:redhat:jboss_enterprise_application_platform:*:*:*:*:*:*:*:* |
Related
prion
prion
Default configuration
2015-04-21 17:59:00
veracode
veracode
Information Disclosure
2019-01-15 09:05:33
ubuntucve
ubuntucve
CVE-2014-3586
2015-04-21 00:00:00
cvelist
cvelist
CVE-2014-3586
2015-04-21 17:00:00
nvd
nvd
CVE-2014-3586
2015-04-21 17:59:00
nessus
nessus
RHEL 6 : JBoss EAP (RHSA-2015:0847)
2015-04-20 00:00:00
RHEL 5 : JBoss EAP (RHSA-2015:0846)
2015-04-20 00:00:00
RHEL 7 : JBoss EAP (RHSA-2015:0848)
2018-09-04 00:00:00
redhat
redhat
CVSS2
2.1
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.1
Confidence
High
EPSS
0
Percentile
5.1%
Related for CVE-2014-3586