CVE-2014-7849

The Role Based Access Control (RBAC) implementation in JBoss Enterprise Application Platform (EAP) 6.2.0 through 6.3.2 does not properly verify authorization conditions, which allows remote authenticated users to add, modify, and undefine otherwise restricted attributes by leveraging the Maintainer role.

Published: Feb 13, 2015
Updated: Apr 13, 2023
CVE: CVE-2014-7849
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:N/I:P/A:N

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
redhat / jboss_enterprise_application_platform	6.2.4	6.2.4.x
redhat / jboss_enterprise_application_platform	6.3.2	6.3.2.x
redhat / jboss_enterprise_application_platform	6.2.1	6.2.1.x
redhat / jboss_enterprise_application_platform	6.3.1	6.3.1.x
redhat / jboss_enterprise_application_platform	6.2.0	6.2.0.x
redhat / jboss_enterprise_application_platform	6.2.2	6.2.2.x
redhat / jboss_enterprise_application_platform	6.3.0	6.3.0.x
redhat / jboss_enterprise_application_platform	6.2.3	6.2.3.x

Vulnerability Database

289,599

CVE-2014-7849