CVE-2014-0169 — MEDIUM (6.5)

Vulnerability Description

In JBoss EAP 6 a security domain is configured to use a cache that is shared between all applications that are in the security domain. This could allow an authenticated user in one application to access protected resources in another application without proper authorization. Although this is an intended functionality, it was not clearly documented which can mislead users into thinking that a security domain cache is isolated to a single application.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Redhat	Jboss Enterprise Application Platform	6.0.0

Related Weaknesses (CWE)

CWE-863

References

https://access.redhat.com/security/cve/cve-2014-0169Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0169Issue TrackingVendor Advisory
https://access.redhat.com/security/cve/cve-2014-0169Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0169Issue TrackingVendor Advisory

FAQ

What is CVE-2014-0169?

CVE-2014-0169 is a vulnerability with a CVSS score of 6.5 (MEDIUM). In JBoss EAP 6 a security domain is configured to use a cache that is shared between all applications that are in the security domain. This could allow an authenticated user in one application to acce...

How severe is CVE-2014-0169?

CVE-2014-0169 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-0169?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Jboss Enterprise Application Platform.