CVE-2014-7853

CWE-200 — Information Exposure CWE-284 — Improper Access Control6 documents6 sources

Severity

4.0MEDIUM

EPSS

0.4%

top 37.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Jboss Enterprise Application Platform Redhat Jboss Operations Network

Timeline

PublishedFeb 13

Latest updateMay 17

Description

The JBoss Application Server (WildFly) JacORB subsystem in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 does not properly assign socket-binding-ref sensitivity classification to the security-domain attribute, which allows remote authenticated users to obtain sensitive information by leveraging access to the security-domain attribute.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages2 packages

▶NVDredhat/jboss_enterprise_application_platform6.3.2

▶NVDredhat/jboss_operations_network3.3.1

🔴Vulnerability Details

GHSA

GHSA-7cr6-g5pc-g6g4: The JBoss Application Server (WildFly) JacORB subsystem in Red Hat JBoss Enterprise Application Platform (EAP) before 6↗2022-05-17

▶

CVEList

CVE-2014-7853: The JBoss Application Server (WildFly) JacORB subsystem in Red Hat JBoss Enterprise Application Platform (EAP) before 6↗2015-02-13

▶

📋Vendor Advisories

Red Hat

Subsystem: Information disclosure via incorrect sensitivity classification of attribute↗2015-02-11

▶

💬Community

Bugzilla

CVE-2014-7853 JBoss AS/WildFly JacORB Subsystem: Information disclosure via incorrect sensitivity classification of attribute↗2014-11-19

▶