CVE-2014-3586 — Incorrect Permission Assignment in Redhat Jboss Enterprise Application Platform

CWE-264 CWE-732 — Incorrect Permission Assignment5 documents5 sources

Severity

2.1LOWNVD

EPSS

0.1%

top 76.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Jboss Enterprise Application Platform

Timeline

PublishedApr 21

Latest updateMay 17

Description

The default configuration for the Command Line Interface in Red Hat Enterprise Application Platform before 6.4.0 and WildFly (formerly JBoss Application Server) uses weak permissions for .jboss-cli-history, which allows local users to obtain sensitive information via unspecified vectors.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

▶NVDredhat/jboss_enterprise_application_platform6.3.3

🔴Vulnerability Details

GHSA

GHSA-q4g2-rhrf-wvj6: The default configuration for the Command Line Interface in Red Hat Enterprise Application Platform before 6↗2022-05-17

▶

CVEList

CVE-2014-3586: The default configuration for the Command Line Interface in Red Hat Enterprise Application Platform before 6↗2015-04-21

▶

📋Vendor Advisories

Red Hat

CLI: Insecure default permissions on history file↗2015-03-10

▶

💬Community

Bugzilla

CVE-2014-3586 JBoss AS CLI: Insecure default permissions on history file↗2014-08-05

▶