CVE-2014-7849
First published: Tue Nov 18 2014(Updated: )
It was discovered that the Role Based Access Control (RBAC) implementation did not sufficiently verify all authorization conditions required by the Maintainer role to perform certain administrative actions. An authenticated user with the Maintainer role can use this flaw to add, modify or undefine a limited set of attributes and their values which otherwise cannot be written to.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| JBoss Enterprise Application Platform | =6.2.0 | |
| JBoss Enterprise Application Platform | =6.2.1 | |
| JBoss Enterprise Application Platform | =6.2.2 | |
| JBoss Enterprise Application Platform | =6.2.3 | |
| JBoss Enterprise Application Platform | =6.2.4 | |
| JBoss Enterprise Application Platform | =6.3.0 | |
| JBoss Enterprise Application Platform | =6.3.1 | |
| JBoss Enterprise Application Platform | =6.3.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://rhn.redhat.com/errata/RHSA-2015-0215.html
- https://rhn.redhat.com/errata/RHSA-2015-0217.html
- https://rhn.redhat.com/errata/RHSA-2015-0216.html
- https://rhn.redhat.com/errata/RHSA-2015-0218.html
- https://rhn.redhat.com/errata/RHSA-2015-0920.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1165170
- http://rhn.redhat.com/errata/RHSA-2015-0215.html
- http://rhn.redhat.com/errata/RHSA-2015-0216.html
- http://rhn.redhat.com/errata/RHSA-2015-0217.html
- http://rhn.redhat.com/errata/RHSA-2015-0218.html
- http://rhn.redhat.com/errata/RHSA-2015-0920.html
- http://www.securitytracker.com/id/1031741
- https://exchange.xforce.ibmcloud.com/vulnerabilities/100890
Frequently Asked Questions
What is the severity of CVE-2014-7849?
CVE-2014-7849 is classified as a medium severity vulnerability due to insufficient verification of authorization conditions.
How do I fix CVE-2014-7849?
To mitigate CVE-2014-7849, update the Red Hat JBoss Enterprise Application Platform to a version that includes the necessary patches.
Which versions of JBoss are affected by CVE-2014-7849?
CVE-2014-7849 affects Red Hat JBoss Enterprise Application Platform versions 6.2.0 through 6.3.2.
What type of vulnerability is CVE-2014-7849?
CVE-2014-7849 is an access control vulnerability that allows unauthorized actions by authenticated users with the Maintainer role.
Who is impacted by CVE-2014-7849?
Authenticated users with the Maintainer role in the affected versions of Red Hat JBoss Enterprise Application Platform are impacted by CVE-2014-7849.
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/author
- agent/references
- agent/last-modified-date
- agent/event
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2014-7849
- agent/trending
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- vendor/redhat
- canonical/jboss enterprise application platform
- version/jboss enterprise application platform/6.2.0
- version/jboss enterprise application platform/6.2.1
- version/jboss enterprise application platform/6.2.2
- version/jboss enterprise application platform/6.2.3
- version/jboss enterprise application platform/6.2.4
- version/jboss enterprise application platform/6.3.0
- version/jboss enterprise application platform/6.3.1
- version/jboss enterprise application platform/6.3.2