CVE-2014-7849 Information

Description

The Role Based Access Control (RBAC) implementation in JBoss Enterprise Application Platform (EAP) 6.2.0 through 6.3.2 does not properly verify authorization conditions, which allows remote authenticated users to add, modify, and undefine otherwise restricted attributes by leveraging the Maintainer role.

Reference

http://rhn.redhat.com/errata/RHSA-2015-0215.html
http://rhn.redhat.com/errata/RHSA-2015-0216.html
http://rhn.redhat.com/errata/RHSA-2015-0217.html
http://rhn.redhat.com/errata/RHSA-2015-0218.html
http://rhn.redhat.com/errata/RHSA-2015-0920.html
http://www.securitytracker.com/id/1031741
https://bugzilla.redhat.com/show_bug.cgi?id=1165170
https://exchange.xforce.ibmcloud.com/vulnerabilities/100890
