Description

The Role Based Access Control (RBAC) implementation in JBoss Enterprise Application Platform (EAP) 6.2.0 through 6.3.2 does not properly verify authorization conditions, which allows remote authenticated users to add, modify, and undefine otherwise restricted attributes by leveraging the Maintainer role.

Remediation

References

CVE-2014-7849

Related Vulnerabilities

jQuery Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-23064)

Apache Tomcat Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-0221)

MySQL CVE-2021-2061 Vulnerability (CVE-2021-2061)

WordPress Plugin Advanced Post Type Ratings Cross-Site Scripting (1.01)

PHP Integer Overflow or Wraparound Vulnerability (CVE-2019-11039)

Severity

Medium

Classification

CVE-2014-7849 CWE-264

Tags

Missing Update Known Vulnerabilities