Vulnerabilities > Redhat > Jboss Enterprise Application Platform > 6.2.4

DATE	CVE	VULNERABILITY TITLE	RISK
2015-02-13	CVE-2014-7849	Permissions, Privileges, and Access Controls vulnerability in Redhat Jboss Enterprise Application Platform The Role Based Access Control (RBAC) implementation in JBoss Enterprise Application Platform (EAP) 6.2.0 through 6.3.2 does not properly verify authorization conditions, which allows remote authenticated users to add, modify, and undefine otherwise restricted attributes by leveraging the Maintainer role. network low complexity redhat CWE-264	4.0
2015-02-13	CVE-2014-7827	Permissions, Privileges, and Access Controls vulnerability in Redhat Jboss Enterprise Application Platform The org.jboss.security.plugins.mapping.JBossMappingManager implementation in JBoss Security in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 uses the default security domain when a security domain is undefined, which allows remote authenticated users to bypass intended access restrictions by leveraging credentials on the default domain for a role that is also on the application domain. network redhat CWE-264	3.5

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.