CVE-2014-7827

Current Description

The org.jboss.security.plugins.mapping.JBossMappingManager implementation in JBoss Security in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 uses the default security domain when a security domain is undefined, which allows remote authenticated users to bypass intended access restrictions by leveraging credentials on the default domain for a role that is also on the application domain.

Basic Data

Published: February 13, 2015
Last Modified: September 08, 2017
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-264
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:M/Au:S/C:N/I:P/A:N
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: SINGLE
CVSS 2 - Confidentiality Impact: NONE
CVSS 2 - Availability Impact: NONE
CVSS 2 - Base Score: 3.5
Severity: LOW
Exploitability Score: 6.8
Impact Score: 2.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    CPE Version: 2.3
    Part: Application
    Vendor: Redhat
    Product: Jboss Enterprise Application Platform
    Version / Update / Edition / Language / SW Edition / Target SW / Target HW / Other: * (any)
    Version bound: 6.3.2 (the flattened row does not preserve which of Version Start Including, Version End Including, Version Start Excluding or Version End Excluding this value belongs to)

Vulnerable Software List

Vendor: Redhat
Product: Jboss Enterprise Application Platform
Versions: *

References

Name | Source | URL | Tags
RHSA-2015:0215 | REDHAT | http://rhn.redhat.com/errata/RHSA-2015-0215.html | Vendor Advisory
RHSA-2015:0216 | REDHAT | http://rhn.redhat.com/errata/RHSA-2015-0216.html | Vendor Advisory
RHSA-2015:0217 | REDHAT | http://rhn.redhat.com/errata/RHSA-2015-0217.html | Vendor Advisory
RHSA-2015:0218 | REDHAT | http://rhn.redhat.com/errata/RHSA-2015-0218.html | Vendor Advisory
RHSA-2015:0850 | REDHAT | http://rhn.redhat.com/errata/RHSA-2015-0850.html |
RHSA-2015:0851 | REDHAT | http://rhn.redhat.com/errata/RHSA-2015-0851.html |
1031741 | SECTRACK | http://www.securitytracker.com/id/1031741 |
redhat-jboss-cve20147827-sec-bypass(100889) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/100889 |