CVE-2015-0297

2015-04-2414:00:00

redhat

www.cve.org

7.6 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

77.1%

JSON

Red Hat JBoss Operations Network 3.3.1 does not properly restrict access to certain APIs, which allows remote attackers to execute arbitrary Java methods via the (1) ServerInvokerServlet or (2) SchedulerService or (3) cause a denial of service (disk consumption) via the ContentManager.

References

rhn.redhat.com/errata/RHSA-2015-0862.html

www.securitytracker.com/id/1032181