Thread Safety Issue in JBoss Portal by Red Hat
CVE-2014-0245

5.9 MEDIUM

Key Information:

Vendor: Red Hat
CVE Published: 2 January 2020

Summary

A thread safety vulnerability exists in the GTNSubjectCreatingInterceptor class of the GateIn WSRP implementation within JBoss Portal 6.2.0. Under high concurrency scenarios or notably long SOAP message executions, an unauthenticated remote attacker could exploit this vulnerability to access privileged information. This is particularly concerning if WS-Security is enabled for the WSRP Consumer and the endpoint is accessed by a privileged user, creating a potential attack vector that compromises data integrity and confidentiality.

Affected Version(s)

JBoss Portal 6.2.0

CVSS V3.1

Score: 5.9
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
