Home

CVE-2014-3472

Description

The isCallerInRole function in SimpleSecurityManager in JBoss Application Server (AS) 7, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.3.0, does not properly check caller roles, which allows remote authenticated users to bypass access restrictions via unspecified vectors.

Risk Information

Base Score
3.7
MODERATE
Vector
AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
EPSS Score
Exploitation Probability
0.241

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2014-3464,CVE-2014-3472,CVE-2014-3490,CVE-2014-7849 are affected in Red Hat JBoss Enterprise Application Platform 7 6.3.0Windows

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234