CVE-2014-0005

Description

PicketBox and JBossSX, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2 and JBoss BRMS before 6.0.3 roll up patch 2, allows remote authenticated users to read and modify the application sever configuration and state by deploying a crafted application.

CVSS Metrics

• v2.0•LOW•Score: 3.6AV:L/AC:L/Au:N/C:P/I:P/A:N

EPSS Trends

Current EPSS score: 0.21%• Percentile: 43%

Techniques & Countermeasures

• CWE-264•Permissions, Privileges, and Access Controls

  Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

Affected Systems

• redhat•jboss_enterprise_application_platform

  6.2.2

• redhat•jboss_enterprise_brms_platform

  ≤ 6.0.3

References (6)

• http://rhn.redhat.com/errata/RHSA-2014-0345.html
• http://rhn.redhat.com/errata/RHSA-2015-0234.html
• http://rhn.redhat.com/errata/RHSA-2015-0720.html
• http://rhn.redhat.com/errata/RHSA-2015-0235.html
• http://rhn.redhat.com/errata/RHSA-2014-0344.html
• http://rhn.redhat.com/errata/RHSA-2014-0343.html