Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Jboss EAP Permissions Privileges and Access Controls Vulnerability - CVE-2014-7849 - Vulnerability Database
Jboss EAP

Jboss EAP Permissions Privileges and Access Controls Vulnerability - CVE-2014-7849

Medium
Reference: CVE-2014-7849
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2014-7849
Title: Jboss EAP Permissions Privileges and Access Controls Vulnerability
Overview:

The Role Based Access Control (RBAC) implementation in JBoss Enterprise Application Platform (EAP) 6.2.0 through 6.3.2 does not properly verify authorization conditions which allows remote authenticated users to add modify and undefine otherwise restricted attributes by leveraging the Maintainer role.