The Role Based Access Control (RBAC) implementation in JBoss Enterprise Application Platform (EAP) 6.2.0 through 6.3.2 does not properly verify authorization conditions, which allows remote authenticated users to add, modify, and undefine otherwise restricted attributes by leveraging the Maintainer role.
History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2015-02-13T15:00:00

Updated: 2024-08-06T13:03:27.284Z

Reserved: 2014-10-03T00:00:00

Link: CVE-2014-7849

Vulnrichment

No data.

NVD

Status: Modified

Published: 2015-02-13T15:59:05.403

Modified: 2017-09-08T01:29:17.277

Link: CVE-2014-7849

Red Hat

Severity: Moderate

Public Date: 2015-02-11T00:00:00Z

Links: CVE-2014-7849 - Bugzilla