CVE-2014-0169
CVE-2014-0169 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. In JBoss EAP 6 a security domain is configured to use a cache that is shared between all applications that are in the security domain. This could allow an authenticated user in one application to access protected resources in another application without proper authorization. EPSS estimates a 0.78% chance of exploitation in the next 30 days.
Description
In JBoss EAP 6, a security domain is configured to use a cache that is shared between all applications that are in the security domain. This could allow an authenticated user in one application to access protected resources in another application without proper authorization. Although this is intended functionality, it was not clearly documented, which can mislead users into thinking that a security domain cache is isolated to a single application.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | JBoss Enterprise Application Platform | 6.0.0 |
References
- https://access.redhat.com/security/cve/cve-2014-0169 (Vendor Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0169 (Issue Tracking, Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
