CVE-2014-7849

EUVD-2014-7699
The Role Based Access Control (RBAC) implementation in JBoss Enterprise Application Platform (EAP) 6.2.0 through 6.3.2 does not properly verify authorization conditions, which allows remote authenticated users to add, modify, and undefine otherwise restricted attributes by leveraging the Maintainer role.
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 4 UNKNOWN | NETWORK | LOW | | AV:N/AC:L/Au:S/C:N/I:P/A:N |
EPSS Score
Percentile: 60%
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| redhat | jboss_enterprise_application_platform | 6.2.0 |
| redhat | jboss_enterprise_application_platform | 6.2.1 |
| redhat | jboss_enterprise_application_platform | 6.2.2 |
| redhat | jboss_enterprise_application_platform | 6.2.3 |
| redhat | jboss_enterprise_application_platform | 6.2.4 |
| redhat | jboss_enterprise_application_platform | 6.3.0 |
| redhat | jboss_enterprise_application_platform | 6.3.1 |
| redhat | jboss_enterprise_application_platform | 6.3.2 |
Common Weakness Enumeration