Vulnerabilities > Redhat > Jboss Enterprise Application Platform > 6.3.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-02-13 | CVE-2014-7849 | Permissions, Privileges, and Access Controls vulnerability in Redhat Jboss Enterprise Application Platform: The Role Based Access Control (RBAC) implementation in JBoss Enterprise Application Platform (EAP) 6.2.0 through 6.3.2 does not properly verify authorization conditions, which allows remote authenticated users to add, modify, and undefine otherwise restricted attributes by leveraging the Maintainer role. | 4.0 |
2015-02-13 | CVE-2014-7827 | Permissions, Privileges, and Access Controls vulnerability in Redhat Jboss Enterprise Application Platform: The org.jboss.security.plugins.mapping.JBossMappingManager implementation in JBoss Security in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 uses the default security domain when a security domain is undefined, which allows remote authenticated users to bypass intended access restrictions by leveraging credentials on the default domain for a role that is also on the application domain. | 3.5 |