CVE-2015-0297 : Red Hat JBoss Operations Network 3.3.1 does not properly restrict access to cert

Red Hat JBoss Operations Network 3.3.1 does not properly restrict access to certain APIs, which allows remote attackers to execute arbitrary Java methods via the (1) ServerInvokerServlet or (2) SchedulerService or (3) cause a denial of service (disk consumption) via the ContentManager.

Published 2015-04-24 14:59:06

Updated 2025-04-12 10:46:41

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2015-0297

Redhat » Jboss Operations Network » Version: 3.3.1
cpe:2.3:a:redhat:jboss_operations_network:3.3.1:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2015-0297

EPSS FAQ

0.55%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 67 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2015-0297

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
9.0	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:C	10.0	8.5	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Complete

CWE ids for CVE-2015-0297

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-0297

http://www.securitytracker.com/id/1032181
http://rhn.redhat.com/errata/RHSA-2015-0862.html

Red Hat Customer Portal
Vendor Advisory

Jump to

Vulnerability Details : CVE-2015-0297

Products affected by CVE-2015-0297

Exploit prediction scoring system (EPSS) score for CVE-2015-0297

CVSS scores for CVE-2015-0297

CWE ids for CVE-2015-0297

References for CVE-2015-0297