Lucene search
PRIOn knowledge basePRION:CVE-2014-7827HistoryFeb 13, 2015 - 3:59 p.m.
Design/Logic Flaw
2015-02-1315:59:00
PRIOn knowledge base
www.prio-n.com
2
The org.jboss.security.plugins.mapping.JBossMappingManager implementation in JBoss Security in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 uses the default security domain when a security domain is undefined, which allows remote authenticated users to bypass intended access restrictions by leveraging credentials on the default domain for a role that is also on the application domain.
| CPE | Name | Operator | Version |
|---|---|---|---|
| jboss_enterprise_application_platform | le | 6.3.2 |
References
rhn.redhat.com/errata/RHSA-2015-0215.html
rhn.redhat.com/errata/RHSA-2015-0216.html
rhn.redhat.com/errata/RHSA-2015-0217.html
rhn.redhat.com/errata/RHSA-2015-0218.html
rhn.redhat.com/errata/RHSA-2015-0850.html
rhn.redhat.com/errata/RHSA-2015-0851.html
www.securitytracker.com/id/1031741
exchange.xforce.ibmcloud.com/vulnerabilities/100889
Related
cvelist
cvelist
CVE-2014-7827
2015-02-13 15:00:00
nvd
nvd
CVE-2014-7827
2015-02-13 15:59:04
cve
cve
CVE-2014-7827
2015-02-13 15:59:04
veracode
veracode
Authorization Bypass
2019-01-15 09:04:30
nessus
nessus
RHEL 5 : Red Hat JBoss Enterprise Application Platform 6.3.3 update (Moderate) (RHSA-2015:0216)
2015-02-13 00:00:00
RHEL 7 : JBoss EAP (RHSA-2015:0218)
2015-09-01 00:00:00
RHEL 6 : JBoss EAP (RHSA-2015:0217)
2015-02-13 00:00:00
redhat
redhat