VDB
CVE-2014-7827
CVE-2014-7827
PUBLISHED
Reported by redhat · Published February 13, 2015
The org.jboss.security.plugins.mapping.JBossMappingManager implementation in JBoss Security in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 uses the default security domain when a security domain is undefined, which allows remote authenticated users to bypass intended access restrictions by leveraging credentials on the default domain for a role that is also on the application domain.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| n/a | n/a | n/a, n/a, n/a |
| Maven | org.picketlink:picketlink-federation | 2-alpha0, 2-alpha0 |
Timeline
- Feb 13, 2015 CVE Published
- Sep 7, 2017 CVE Updated
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
References
- RHSA-2015:0850 vendor-advisoryx_refsource_REDHAT
- RHSA-2015:0215 vendor-advisoryx_refsource_REDHAT
- RHSA-2015:0851 vendor-advisoryx_refsource_REDHAT
- RHSA-2015:0217 vendor-advisoryx_refsource_REDHAT
- RHSA-2015:0218 vendor-advisoryx_refsource_REDHAT
- RHSA-2015:0216 vendor-advisoryx_refsource_REDHAT
- redhat-jboss-cve20147827-sec-bypass(100889) vdb-entryx_refsource_XF
- 1031741 vdb-entryx_refsource_SECTRACK
- https://bugzilla.redhat.com/CVE-2014-7827 url