CVE-2014-0005

CWE-264 CWE-862 — Missing Authorization5 documents5 sources

Severity

3.6LOW

EPSS

0.2%

top 56.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Jboss Enterprise Brms Platform Redhat Jboss Enterprise Application Platform

Timeline

PublishedFeb 20

Latest updateMay 17

Description

PicketBox and JBossSX, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2 and JBoss BRMS before 6.0.3 roll up patch 2, allows remote authenticated users to read and modify the application sever configuration and state by deploying a crafted application.

CVSS vector

AV:L/AC:L/C:P/I:P/A:NExploitability: 3.9 | Impact: 4.9

Affected Packages2 packages

▶NVDredhat/jboss_enterprise_application_platform6.2.2

▶NVDredhat/jboss_enterprise_brms_platform6.0.3

🔴Vulnerability Details

GHSA

GHSA-hxxr-j64h-hx75: PicketBox and JBossSX, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6↗2022-05-17

▶

CVEList

CVE-2014-0005: PicketBox and JBossSX, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6↗2015-02-20

▶

📋Vendor Advisories

Red Hat

PicketBox/JBossSX: Unauthorized access to and modification of application server configuration and state by application↗2014-03-31

▶

💬Community

Bugzilla

CVE-2014-0005 PicketBox/JBossSX: Unauthorized access to and modification of application server configuration and state by application↗2014-01-08

▶