CVE-2014-0169

6.5MEDIUM

Key Information:

Vendor: Red Hat
Status: Jboss Eap
Vendor: CVE Published:; 2 January 2020

Summary

In JBoss EAP 6 a security domain is configured to use a cache that is shared between all applications that are in the security domain. This could allow an authenticated user in one application to access protected resources in another application without proper authorization. Although this is an intended functionality, it was not clearly documented which can mislead users into thinking that a security domain cache is isolated to a single application.

Affected Version(s)

JBoss EAP 6

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0169

x_refsource_MISC

https://access.redhat.com/security/cve/cve-2014-0169

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 2, 2020
Vulnerability Reserved
Dec 3, 2013

Collectors

NVD DatabaseMitre Database