CVE-2014-7827
Description
The org.jboss.security.plugins.mapping.JBossMappingManager implementation in JBoss Security in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 uses the default security domain when a security domain is undefined, which allows remote authenticated users to bypass intended access restrictions by leveraging credentials on the default domain for a role that is also on the application domain.
Risk Information
Base Score
2.6
MODERATE
Vector
AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N
EPSS Score
Exploitation Probability
0.316
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2014-7827,CVE-2014-7849,CVE-2014-7853 are affected in Red Hat JBoss Enterprise Application Platform 7 6.3.2 | Windows |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234