WEB APPLICATION VULNERABILITIES Standard & Premium

Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-7849)

Description

The Role Based Access Control (RBAC) implementation in JBoss Enterprise Application Platform (EAP) 6.2.0 through 6.3.2 does not properly verify authorization conditions, which allows remote authenticated users to add, modify, and undefine otherwise restricted attributes by leveraging the Maintainer role.

Remediation

References

Related Vulnerabilities

Drupal Improper Input Validation Vulnerability (CVE-2022-25273)

OpenSSL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-0703)

PHP Improper Input Validation Vulnerability (CVE-2010-3709)

Magento Session Fixation Vulnerability (CVE-2019-8116)

WordPress Plugin Translate WordPress-Google Language Translator Cross-Site Scripting (5.0.05)

Severity

Medium

Classification

CVE-2014-7849 CWE-264

Tags

Missing Update Known Vulnerabilities