History: Feb 13, 2015 - 3:59 p.m.

CVE-2014-7827

2015-02-13 15:59:04
CWE-264
web.nvd.nist.gov
25
cve-2014-7827
red hat
jboss
eap
security bypass
access restrictions
authentication
nvd

CVSS2: 3.5 Low

Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score: 6.3 Medium (Confidence: Low)

EPSS: 0.002 Low (Percentile: 62.2%)

The org.jboss.security.plugins.mapping.JBossMappingManager implementation in JBoss Security in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 uses the default security domain when a security domain is undefined, which allows remote authenticated users to bypass intended access restrictions by leveraging credentials on the default domain for a role that is also on the application domain.

Affected configurations

NVD
Node: redhat jboss_enterprise_application_platform, Range: 6.3.2
