Vulnerability Details : CVE-2014-0169
In JBoss EAP 6, a security domain is configured to use a cache that is shared between all applications in that security domain. This could allow an authenticated user in one application to access protected resources in another application without proper authorization. Although this is intended functionality, it was not clearly documented, which can mislead users into thinking that a security domain cache is isolated to a single application.
Products affected by CVE-2014-0169
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-0169
0.18%: Probability of exploitation activity in the next 30 days
~36%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-0169
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N | 8.0 | 2.9 | NIST | |
6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 | NIST | |
CWE ids for CVE-2014-0169
- The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-0169
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0169
  1084841 – (CVE-2014-0169) CVE-2014-0169 JBoss EAP: cache is shared between all applications in a security domain (Issue Tracking; Vendor Advisory)
- https://access.redhat.com/security/cve/cve-2014-0169
  CVE-2014-0169 - Red Hat Customer Portal (Vendor Advisory)