Vulnerabilities in Red Hat JBoss Enterprise Application Platform 6.2.2
DATE | CVE | VULNERABILITY | RISK |
---|---|---|---|
2015-02-13 | CVE-2014-7853 | Information Exposure vulnerability in Red Hat products: The JBoss Application Server (WildFly) JacORB subsystem in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 does not properly assign the socket-binding-ref sensitivity classification to the security-domain attribute, which allows remote authenticated users to obtain sensitive information by leveraging access to the security-domain attribute. | 4.0 |
2015-02-13 | CVE-2014-7849 | Permissions, Privileges, and Access Controls vulnerability in Red Hat JBoss Enterprise Application Platform: The Role Based Access Control (RBAC) implementation in JBoss Enterprise Application Platform (EAP) 6.2.0 through 6.3.2 does not properly verify authorization conditions, which allows remote authenticated users to add, modify, and undefine otherwise restricted attributes by leveraging the Maintainer role. | 4.0 |
2015-02-13 | CVE-2014-7827 | Permissions, Privileges, and Access Controls vulnerability in Red Hat JBoss Enterprise Application Platform: The org.jboss.security.plugins.mapping.JBossMappingManager implementation in JBoss Security in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 uses the default security domain when a security domain is undefined, which allows remote authenticated users to bypass intended access restrictions by leveraging credentials on the default domain for a role that is also on the application domain. | 3.5 |
2014-11-17 | CVE-2014-0059 | Information Exposure vulnerability in Red Hat JBoss Enterprise Application Platform: JBoss SX and PicketBox, as used in Red Hat JBoss Enterprise Application Platform (EAP) before 6.2.3, use world-readable permissions on audit.log, which allows local users to obtain sensitive information by reading this file. | 2.1 |
2014-07-07 | CVE-2014-3481 | Information Exposure vulnerability in Red Hat JBoss Enterprise Application Platform: org.jboss.as.jaxrs.deployment.JaxrsIntegrationProcessor in Red Hat JBoss Enterprise Application Platform (JEAP) before 6.2.4 enables entity expansion, which allows remote attackers to read arbitrary files via unspecified vectors, related to an XML External Entity (XXE) issue. | 5.0 |
2014-04-03 | CVE-2014-0093 | Permissions, Privileges, and Access Controls vulnerability in Red Hat JBoss Enterprise Application Platform 6.2.2: Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2, when using a Java Security Manager (JSM), does not properly apply permissions defined by a policy file, which causes applications to be granted the java.security.AllPermission permission and allows remote attackers to bypass intended access restrictions. | 5.8 |