Lucene search

K

RedhatCVELIST:CVE-2014-3472

HistoryAug 19, 2014 - 6:00 p.m.

CVE-2014-3472

2014-08-1918:00:00

redhat

www.cve.org

6.1 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

58.7%

The isCallerInRole function in SimpleSecurityManager in JBoss Application Server (AS) 7, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.3.0, does not properly check caller roles, which allows remote authenticated users to bypass access restrictions via unspecified vectors.

References

rhn.redhat.com/errata/RHSA-2014-1019.html

rhn.redhat.com/errata/RHSA-2014-1020.html

rhn.redhat.com/errata/RHSA-2014-1021.html

rhn.redhat.com/errata/RHSA-2015-0720.html

www.securityfocus.com/bid/69094

bugzilla.redhat.com/show_bug.cgi?id=1103815

exchange.xforce.ibmcloud.com/vulnerabilities/95170

6.1 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

58.7%

Related for CVELIST:CVE-2014-3472

veracode1 nvd1 cve1 prion1 redhat6 nessus2