Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 4.0
CVE Id: CVE-2014-7849
Last Modified: 11 May 2015 10:01:52
Published: 13 Feb 2015 10:59:05
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE_INSTANCE

CVE-2014-7849

Summary

The Role Based Access Control (RBAC) implementation in JBoss Enterprise Application Platform (EAP) 6.2.0 through 6.3.2 does not properly verify authorization conditions, which allows remote authenticated users to add, modify, and undefine otherwise restricted attributes by leveraging the Maintainer role.

Vulnerable Systems

Application

  • Redhat Jboss Enterprise Application Platform 6.2.0
  • Redhat Jboss Enterprise Application Platform 6.2.1
  • Redhat Jboss Enterprise Application Platform 6.2.2
  • Redhat Jboss Enterprise Application Platform 6.2.3
  • Redhat Jboss Enterprise Application Platform 6.2.4
  • Redhat Jboss Enterprise Application Platform 6.3.0
  • Redhat Jboss Enterprise Application Platform 6.3.1
  • Redhat Jboss Enterprise Application Platform 6.3.2

References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=1165170
SECTRACK - 1031741
REDHAT - RHSA-2015:0218
REDHAT - RHSA-2015:0217
REDHAT - RHSA-2015:0216
REDHAT - RHSA-2015:0215
XF - redhat-jboss-cve20147849-sec-bypass(100890)
REDHAT - RHSA-2015:0920

Last Updated: 27 May 2016 11:07:50