Jboss Enterprise Application Platform@6.2.2 Security Vulnerabilities and Issues — Jboss Enterprise Application Platform@6.2.2 CVE List

Lucene search

RedhatJboss Enterprise Application Platform6.2.2

4 matches found

CVE•added 2014/07/07 2:55 p.m.•57 views

CVE-2014-3481

org.jboss.as.jaxrs.deployment.JaxrsIntegrationProcessor in Red Hat JBoss Enterprise Application Platform (JEAP) before 6.2.4 enables entity expansion, which allows remote attackers to read arbitrary files via unspecified vectors, related to an XML External Entity (XXE) issue.

5CVSS9.1AI score0.01093EPSS

CVE•added 2015/02/20 4:59 p.m.•47 views

CVE-2014-0005

PicketBox and JBossSX, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2 and JBoss BRMS before 6.0.3 roll up patch 2, allows remote authenticated users to read and modify the application sever configuration and state by deploying a crafted application.

3.6CVSS8.6AI score0.00207EPSS

CVE•added 2014/04/03 4:15 p.m.•45 views

CVE-2014-0093

Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2, when using a Java Security Manager (JSM), does not properly apply permissions defined by a policy file, which causes applications to be granted the java.security.AllPermission permission and allows remote attackers to bypass intended acce...

5.8CVSS9.2AI score0.0028EPSS

CVE•added 2015/02/13 3:59 p.m.•45 views

CVE-2014-7849

The Role Based Access Control (RBAC) implementation in JBoss Enterprise Application Platform (EAP) 6.2.0 through 6.3.2 does not properly verify authorization conditions, which allows remote authenticated users to add, modify, and undefine otherwise restricted attributes by leveraging the Maintainer...

4CVSS6.2AI score0.004EPSS