CVE-2014-7853 — Vulnetix

Try Vulnetix Request Demo

CVE-2014-7853 PUBLISHED CVSS 4 MEDIUM

The JBoss Application Server (WildFly) JacORB subsystem in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 does not properly assign socket-binding-ref sensitivity classification to the security-domain attribute, which allows remote authenticated users to obtain sensitive information by leveraging access to the security-domain attribute.

EPSS 0.43% · 62.3th percentile

Risk Scores

CVSS v2.0

4

EPSS Score

0.43%

62.3th percentile

Affected Products

Vendor	Product	Versions
redhat	jboss_operations_network	3.3.1
redhat	jboss_enterprise_application_platform	0
n/a	n/a	n/a

Timeline

Feb 13, 2015 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score

References

redhat-jboss-cve20147853-info-disc(100891) vdb
RHSA-2015:0920 vendor-advisory
RHSA-2015:0215 vendor-advisory
RHSA-2015:0217 vendor-advisory
RHSA-2015:0218 vendor-advisory
RHSA-2015:0216 vendor-advisory
1031741 vdb
https://nvd.nist.gov/vuln/detail/CVE-2014-7853 advisory

Open in Interactive Console →