CVE-2014-0093

Advisory lineage Upstream: 0 Downstream: 2

Downstream

RHSA-2014:0343 RHSA-2014:0344

Modified

Published: 03 Apr 2014, 15:00

Last modified:06 Aug 2024, 09:05

Vulnerability Summary

Overall Risk (default)

low

23/100

CVSS Score

5.8 MEDIUM

v2.0 (nvd)

EPSS Score

0.28% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

03 Apr 2014, 15:00

Published

Vulnerability first disclosed

06 Aug 2024, 09:05

Last Modified

Vulnerability information updated

Description

Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2, when using a Java Security Manager (JSM), does not properly apply permissions defined by a policy file, which causes applications to be granted the java.security.AllPermission permission and allows remote attackers to bypass intended access restrictions.

CVSS Metrics

v2.0•MEDIUM•Score: 5.8AV:N/AC:M/Au:N/C:P/I:P/A:N

EPSS Trends

Current EPSS score: 0.28%• Percentile: 52%

Techniques & Countermeasures

CWE-264•Permissions, Privileges, and Access Controls
Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

Affected Systems

redhat•jboss_enterprise_application_platform
6.2.2