Lucene search
HistoryApr 21, 2015 - 5:59 p.m.
CVE-2014-3586
cve-2014-3586
red hat
enterprise application platform
wildfly
jboss application server
weak permissions
cli
local users
sensitive information
7.1 High
AI Score
Confidence
High
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
5.2%
The default configuration for the Command Line Interface in Red Hat Enterprise Application Platform before 6.4.0 and WildFly (formerly JBoss Application Server) uses weak permissions for .jboss-cli-history, which allows local users to obtain sensitive information via unspecified vectors.
| CPE | Name | Operator | Version |
|---|---|---|---|
| redhat:jboss_enterprise_application_platform | redhat jboss enterprise application platform | le | 6.3.3 |
Related
veracode
veracode
Information Disclosure
2019-01-15 09:05:33
prion
prion
Default configuration
2015-04-21 17:59:00
ubuntucve
ubuntucve
CVE-2014-3586
2015-04-21 00:00:00
cvelist
cvelist
CVE-2014-3586
2015-04-21 17:00:00
nessus
nessus
RHEL 6 : JBoss EAP (RHSA-2015:0847)
2015-04-20 00:00:00
RHEL 5 : JBoss EAP (RHSA-2015:0846)
2015-04-20 00:00:00
RHEL 7 : JBoss EAP (RHSA-2015:0848)
2018-09-04 00:00:00
redhat
redhat
7.1 High
AI Score
Confidence
High
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
5.2%
Related for CVE-2014-3586