Description
Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2, when using a Java Security Manager (JSM), does not properly apply permissions defined by a policy file, which causes applications to be granted the java.security.AllPermission permission and allows remote attackers to bypass intended access restrictions.
Remediation
References