CVE-2014-8175

Impact:
Important
Public Date:
2015-06-23
CWE:
CWE-862
Bugzilla:
1205112: CVE-2014-8175 JBoss Fuse: insufficient access permissions checks when accessing Hawtio console
It was found that JBoss Fuse would allow any user defined in the users.properties file to access the HawtIO console without having a valid admin role. This could allow a remote attacker to bypass intended authentication HawtIO console access restrictions.

Find out more about CVE-2014-8175 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v2 metrics

Base Score 6.8
Base Metrics AV:N/AC:M/Au:N/C:P/I:P/A:P
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact Partial

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform Errata Release Date
Red Hat JBoss Fuse 6.2 RHSA-2015:1176 2015-06-23
Red Hat JBoss A-MQ 6.2 RHSA-2015:1177 2015-06-23

Acknowledgements

This issue was reported by Jay Kumar SenSharma of Red Hat.
Last Modified