Back to search
CVE-2014-7827
Published: Feb 13, 2015
Modified: Aug 6, 2024
PUBLISHED
Description
The org.jboss.security.plugins.mapping.JBossMappingManager implementation in JBoss Security in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 uses the default security domain when a security domain is undefined, which allows remote authenticated users to bypass intended access restrictions by leveraging credentials on the default domain for a role that is also on the application domain.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
RHSA-2015:0850
vendor-advisory
x_refsource_REDHAT
RHSA-2015:0215
vendor-advisory
x_refsource_REDHAT
RHSA-2015:0851
vendor-advisory
x_refsource_REDHAT
RHSA-2015:0217
vendor-advisory
x_refsource_REDHAT
RHSA-2015:0218
vendor-advisory
x_refsource_REDHAT
RHSA-2015:0216
vendor-advisory
x_refsource_REDHAT
redhat-jboss-cve20147827-sec-bypass(100889)
vdb-entry
x_refsource_XF
1031741
vdb-entry
x_refsource_SECTRACK
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now