CVE-2014-7827Incorrect Authorization in Redhat Jboss Enterprise Application Platform

CWE-264CWE-863Incorrect Authorization5 documents5 sources
Severity
3.5LOWNVD
EPSS
0.3%
top 45.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Redhat Jboss Enterprise Application Platform
Timeline
PublishedFeb 13
Latest updateMay 17

Description

The org.jboss.security.plugins.mapping.JBossMappingManager implementation in JBoss Security in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 uses the default security domain when a security domain is undefined, which allows remote authenticated users to bypass intended access restrictions by leveraging credentials on the default domain for a role that is also on the application domain.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-hgx6-q6mp-88m2: The org2022-05-17
CVEList
CVE-2014-7827: The org2015-02-13

📋Vendor Advisories

1
Red Hat
Security: Wrong security context loaded when using SAML2 STS Login Module2015-02-11

💬Community

1
Bugzilla
CVE-2014-7827 JBoss Security: Wrong security context loaded when using SAML2 STS Login Module2014-11-05
CVE-2014-7827 — Incorrect Authorization in Redhat | cvebase