
CVE-2014-7849

2015-02-13 15:59:05
CWE-264
web.nvd.nist.gov
jboss, eap, rbac, access control, cve-2014-7849, security vulnerability

CVSS2: 4 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

AI Score: 6.2 Medium (Confidence: Low)

EPSS: 0.003 Low (Percentile: 67.9%)

The Role Based Access Control (RBAC) implementation in JBoss Enterprise Application Platform (EAP) 6.2.0 through 6.3.2 does not properly verify authorization conditions, which allows remote authenticated users to add, modify, and undefine otherwise restricted attributes by leveraging the Maintainer role.

Affected configurations

NVD

Node
redhat jboss_enterprise_application_platform, Match 6.2.0
OR
redhat jboss_enterprise_application_platform, Match 6.2.1
OR
redhat jboss_enterprise_application_platform, Match 6.2.2
OR
redhat jboss_enterprise_application_platform, Match 6.2.3
OR
redhat jboss_enterprise_application_platform, Match 6.2.4
OR
redhat jboss_enterprise_application_platform, Match 6.3.0
OR
redhat jboss_enterprise_application_platform, Match 6.3.1
OR
redhat jboss_enterprise_application_platform, Match 6.3.2
