CVE-2014-8175 — Redhat Jboss Fuse vulnerability

CWE-2644 documents4 sources

Severity

6.0MEDIUMNVD

EPSS

0.2%

top 58.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Jboss Fuse

Timeline

PublishedJul 8

Latest updateMay 17

Description

Red Hat JBoss Fuse before 6.2.0 allows remote authenticated users to bypass intended restrictions and access the HawtIO console by leveraging an account defined in the users.properties file.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 6.8 | Impact: 6.4

Affected Packages1 packages

▶NVDredhat/jboss_fuse6.1.0

🔴Vulnerability Details

GHSA

GHSA-75xc-rff6-hh5r: Red Hat JBoss Fuse before 6↗2022-05-17

▶

CVEList

CVE-2014-8175: Red Hat JBoss Fuse before 6↗2015-07-08

▶

💬Community

Bugzilla

CVE-2014-8175 JBoss Fuse: insufficient access permissions checks when accessing Hawtio console↗2015-03-24

▶