CVSS2: 4 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N
jbossas-welcome-content-eap is vulnerable to authorization bypass. It does not properly verify authorization conditions, which allows remote authenticated users to add, modify, and undefine restricted attributes by using the Maintainer role.
rhn.redhat.com/errata/RHSA-2015-0215.html
rhn.redhat.com/errata/RHSA-2015-0216.html
rhn.redhat.com/errata/RHSA-2015-0217.html
rhn.redhat.com/errata/RHSA-2015-0218.html
rhn.redhat.com/errata/RHSA-2015-0920.html
www.securitytracker.com/id/1031741
access.redhat.com/jbossnetwork/restricted/softwareDetail.html?softwareId=33893&product=appplatform&version=6.3&downloadType=patches#eap63_details
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=1165170
bugzilla.redhat.com/show_bug.cgi?id=1179415
bugzilla.redhat.com/show_bug.cgi?id=1179418
bugzilla.redhat.com/show_bug.cgi?id=1179426
bugzilla.redhat.com/show_bug.cgi?id=1179429
bugzilla.redhat.com/show_bug.cgi?id=1179433
bugzilla.redhat.com/show_bug.cgi?id=1179436
bugzilla.redhat.com/show_bug.cgi?id=1179439
bugzilla.redhat.com/show_bug.cgi?id=1179443
bugzilla.redhat.com/show_bug.cgi?id=1181731
bugzilla.redhat.com/show_bug.cgi?id=1181734
bugzilla.redhat.com/show_bug.cgi?id=1181737
bugzilla.redhat.com/show_bug.cgi?id=1181741
bugzilla.redhat.com/show_bug.cgi?id=1181746
bugzilla.redhat.com/show_bug.cgi?id=1181749
bugzilla.redhat.com/show_bug.cgi?id=1181757
bugzilla.redhat.com/show_bug.cgi?id=1181760
bugzilla.redhat.com/show_bug.cgi?id=1181837
exchange.xforce.ibmcloud.com/vulnerabilities/100890