CVE-2014-0169 Information

Description

In JBoss EAP 6 a security domain is configured to use a cache that is shared between all applications that are in the security domain. This could allow an authenticated user in one application to access protected resources in another application without proper authorization. Although this is an intended functionality it was not clearly documented which can mislead users into thinking that a security domain cache is isolated to a single application.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Reference

https://access.redhat.com/security/cve/cve-2014-0169 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0169

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

6.5