4
CVE-2014-7849
- EPSS 0.4%
- Veröffentlicht 13.02.2015 15:59:05
- Zuletzt bearbeitet 12.04.2025 10:46:40
- Quelle secalert@redhat.com
- Teams Watchlist Login
- Unerledigt Login
The Role Based Access Control (RBAC) implementation in JBoss Enterprise Application Platform (EAP) 6.2.0 through 6.3.2 does not properly verify authorization conditions, which allows remote authenticated users to add, modify, and undefine otherwise restricted attributes by leveraging the Maintainer role.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Redhat ≫ Jboss Enterprise Application Platform Version6.2.0
Redhat ≫ Jboss Enterprise Application Platform Version6.2.1
Redhat ≫ Jboss Enterprise Application Platform Version6.2.2
Redhat ≫ Jboss Enterprise Application Platform Version6.2.3
Redhat ≫ Jboss Enterprise Application Platform Version6.2.4
Redhat ≫ Jboss Enterprise Application Platform Version6.3.0
Redhat ≫ Jboss Enterprise Application Platform Version6.3.1
Redhat ≫ Jboss Enterprise Application Platform Version6.3.2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.4% | 0.598 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:N/I:P/A:N
|