Vulnerability Details CVE-2014-0093
Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2, when using a Java Security Manager (JSM), does not properly apply permissions defined by a policy file, which causes applications to be granted the java.security.AllPermission permission and allows remote attackers to bypass intended access restrictions.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.021
EPSS Ranking 79.0%
CVSS Severity
CVSS v2 Score 5.8
References
- http://rhn.redhat.com/errata/RHSA-2014-0343.html
- http://rhn.redhat.com/errata/RHSA-2014-0344.html
- http://rhn.redhat.com/errata/RHSA-2014-0345.html
- http://secunia.com/advisories/57675
- http://www.securityfocus.com/bid/66596
- http://rhn.redhat.com/errata/RHSA-2014-0343.html
- http://rhn.redhat.com/errata/RHSA-2014-0344.html
- http://rhn.redhat.com/errata/RHSA-2014-0345.html
- http://secunia.com/advisories/57675
- http://www.securityfocus.com/bid/66596
Products affected by CVE-2014-0093
-
cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.2.2