Main Vulnerability Database Vulnerabilities #VU41392

Permissions, Privileges, and Access Controls in JBoss Enterprise Application Platform - CVE-2014-3472

Published: August 19, 2014 / Updated: August 10, 2020

Vulnerability identifier: #VU41392

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2014-3472

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Red Hat Inc.

Affected software:
JBoss Enterprise Application Platform

Detailed vulnerability description

The vulnerability allows a remote #AU# to read and manipulate data.

The isCallerInRole function in SimpleSecurityManager in JBoss Application Server (AS) 7, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.3.0, does not properly check caller roles, which allows remote authenticated users to bypass access restrictions via unspecified vectors.

How to mitigate CVE-2014-3472

Install update from vendor's website.

Permissions, Privileges, and Access Controls in JBoss Enterprise Application Platform - CVE-2014-3472

Detailed vulnerability description

How to mitigate CVE-2014-3472

Sources

Please verify you're human