Vulnerability Details CVE-2014-0093
Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2, when using a Java Security Manager (JSM), does not properly apply permissions defined by a policy file, which causes applications to be granted the java.security.AllPermission permission and allows remote attackers to bypass intended access restrictions.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 51.2%
CVSS Severity
CVSS v2 Score 5.8
References
- http://rhn.redhat.com/errata/RHSA-2014-0343.html
- http://rhn.redhat.com/errata/RHSA-2014-0344.html
- http://rhn.redhat.com/errata/RHSA-2014-0345.html
- http://secunia.com/advisories/57675
- http://www.securityfocus.com/bid/66596
- http://rhn.redhat.com/errata/RHSA-2014-0343.html
- http://rhn.redhat.com/errata/RHSA-2014-0344.html
- http://rhn.redhat.com/errata/RHSA-2014-0345.html
- http://secunia.com/advisories/57675
- http://www.securityfocus.com/bid/66596
Products affected by CVE-2014-0093
-
cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.2.2