Vulnerabilities > Redhat > Jboss Enterprise Application Platform > 6.1.1

DATE	CVE	VULNERABILITY TITLE	RISK
2015-02-13	CVE-2014-7827	Permissions, Privileges, and Access Controls vulnerability in Redhat Jboss Enterprise Application Platform The org.jboss.security.plugins.mapping.JBossMappingManager implementation in JBoss Security in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 uses the default security domain when a security domain is undefined, which allows remote authenticated users to bypass intended access restrictions by leveraging credentials on the default domain for a role that is also on the application domain. network redhat CWE-264	3.5
2014-11-17	CVE-2014-0059	Information Exposure vulnerability in Redhat Jboss Enterprise Application Platform JBoss SX and PicketBox, as used in Red Hat JBoss Enterprise Application Platform (EAP) before 6.2.3, use world-readable permissions on audit.log, which allows local users to obtain sensitive information by reading this file. local low complexity redhat CWE-200	2.1
2014-07-07	CVE-2014-3481	Information Exposure vulnerability in Redhat Jboss Enterprise Application Platform org.jboss.as.jaxrs.deployment.JaxrsIntegrationProcessor in Red Hat JBoss Enterprise Application Platform (JEAP) before 6.2.4 enables entity expansion, which allows remote attackers to read arbitrary files via unspecified vectors, related to an XML External Entity (XXE) issue. network low complexity redhat CWE-200	5.0

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.