CVE-2014-7849
N/A
N/A
Summary
The Role Based Access Control (RBAC) implementation in JBoss Enterprise Application Platform (EAP) 6.2.0 through 6.3.2 does not properly verify authorization conditions, which allows remote authenticated users to add, modify, and undefine otherwise restricted attributes by leveraging the Maintainer role.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://rhn.redhat.com/errata/RHSA-2015-0920.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/100890
- http://rhn.redhat.com/errata/RHSA-2015-0215.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1165170
- http://rhn.redhat.com/errata/RHSA-2015-0217.html
- http://rhn.redhat.com/errata/RHSA-2015-0218.html
- http://rhn.redhat.com/errata/RHSA-2015-0216.html
- http://www.securitytracker.com/id/1031741
References
- http://rhn.redhat.com/errata/RHSA-2015-0920.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/100890
- http://rhn.redhat.com/errata/RHSA-2015-0215.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1165170
- http://rhn.redhat.com/errata/RHSA-2015-0217.html
- http://rhn.redhat.com/errata/RHSA-2015-0218.html
- http://rhn.redhat.com/errata/RHSA-2015-0216.html
- http://www.securitytracker.com/id/1031741
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.