Lucene search

[email protected]NVD:CVE-2014-8115

HistoryFeb 20, 2015 - 4:59 p.m.

CVE-2014-8115

2015-02-2016:59:03

CWE-264

[email protected]

web.nvd.nist.gov

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

6.6 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

62.1%

JSON

The default authorization constrains in KIE Workbench 6.0.x allows remote authenticated users to read or write to arbitrary files, bypass intended access restrictions, and possibly have other unspecified impact via unknown vectors.

Affected configurations

NVD

Node

redhatkie_workbenchMatch6.0.0

redhatkie_workbenchMatch6.0.1

References

rhn.redhat.com/errata/RHSA-2015-0234.html

rhn.redhat.com/errata/RHSA-2015-0235.html

github.com/droolsjbpm/kie-wb-distributions/commit/90eed433d3

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

6.6 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

62.1%

JSON

Related for NVD:CVE-2014-8115

cve1 prion1 cvelist1 redhat2