It was found that the implementation of the GTNSubjectCreatingInterceptor class in gatein-wsrp was not thread safe. For a specific WSRP endpoint, under high-concurrency scenarios or scenarios where SOAP messages take long to execute, it was possible for an unauthenticated remote attacker to gain privileged information if WS-Security is enabled for the WSRP Consumer, and the endpoint in question is being used by a privileged user. This affects JBoss Portal 6.2.0.
Published 2020-01-02 20:15:18
Updated 2020-01-14 17:15:03
Source Red Hat, Inc.
View at NVD,   CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2014-0245

0.34%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 68 %
Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2014-0245

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
4.3
MEDIUM AV:N/AC:M/Au:N/C:P/I:N/A:N
8.6
2.9
NIST
5.9
MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
2.2
3.6
NIST

CWE ids for CVE-2014-0245

References for CVE-2014-0245

Products affected by CVE-2014-0245

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!