VDB
CVE-2014-7853
CVE-2014-7853
PUBLISHED
CVSS 4 MEDIUM
The JBoss Application Server (WildFly) JacORB subsystem in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 does not properly assign socket-binding-ref sensitivity classification to the security-domain attribute, which allows remote authenticated users to obtain sensitive information by leveraging access to the security-domain attribute.
EPSS 0.43% · 62.8th percentile
Risk Scores
CVSS 2.0
4
EPSS Score
0.43%
62.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| redhat | jboss_operations_network | 3.3.1 |
| redhat | jboss_enterprise_application_platform | 0 |
| n/a | n/a | n/a |
Exploit Intelligence
- redhat-jboss-cve20147853-info-disc(100891) (circl)
- RHSA-2015:0920 (circl)
- RHSA-2015:0215 (circl)
- RHSA-2015:0217 (circl)
- RHSA-2015:0218 (circl)
- RHSA-2015:0216 (circl)
- 1031741 (circl)
Timeline
- Feb 13, 2015 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 17, 2022 CVE Updated
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
References
- redhat-jboss-cve20147853-info-disc(100891) vdb
- RHSA-2015:0920 vendor-advisory
- RHSA-2015:0215 vendor-advisory
- RHSA-2015:0217 vendor-advisory
- RHSA-2015:0218 vendor-advisory
- RHSA-2015:0216 vendor-advisory
- 1031741 vdb
- https://nvd.nist.gov/vuln/detail/CVE-2014-7853 advisory