CVE-2014-7827 — Vulnetix

Try Vulnetix Request Demo

CVE-2014-7827 PUBLISHED

Reported by redhat · Published February 13, 2015

The org.jboss.security.plugins.mapping.JBossMappingManager implementation in JBoss Security in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 uses the default security domain when a security domain is undefined, which allows remote authenticated users to bypass intended access restrictions by leveraging credentials on the default domain for a role that is also on the application domain.

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
n/a	n/a	n/a, n/a
Maven	org.picketlink:picketlink-federation	2-alpha0, 2-alpha0

Timeline

Feb 13, 2015 CVE Published
Sep 7, 2017 CVE Updated
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score

References

RHSA-2015:0850 vendor-advisoryx_refsource_REDHAT
RHSA-2015:0215 vendor-advisoryx_refsource_REDHAT
RHSA-2015:0851 vendor-advisoryx_refsource_REDHAT
RHSA-2015:0217 vendor-advisoryx_refsource_REDHAT
RHSA-2015:0218 vendor-advisoryx_refsource_REDHAT
RHSA-2015:0216 vendor-advisoryx_refsource_REDHAT
redhat-jboss-cve20147827-sec-bypass(100889) vdb-entryx_refsource_XF
1031741 vdb-entryx_refsource_SECTRACK
https://bugzilla.redhat.com/CVE-2014-7827 url

Open in Interactive Console →