CVE-2014-0005

{"id": "CVE-2014-0005", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-02-20T16:59:00.053", "references": [{"url": "http://rhn.redhat.com/errata/RHSA-2014-0343.html", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2014-0344.html", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2014-0345.html", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-0234.html", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-0235.html", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html", "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "PicketBox and JBossSX, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2 and JBoss BRMS before 6.0.3 roll up patch 2, allows remote authenticated users to read and modify the application sever configuration and state by deploying a crafted application."}, {"lang": "es", "value": "PicketBox y JBossSX, utilizado en Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2 y JBoss BRMS anterior a 6.0.3 roll up patch 2, permite a usuarios remotos autenticados leer y modificar la configuraci\u00f3n y estado del servidor de la aplicaci\u00f3n mediante el despliegue de una aplicaci\u00f3n manipulada."}], "lastModified": "2015-03-28T01:59:08.687", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7D9B1401-1FBD-442A-9055-A270BF1A1244"}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_brms_platform:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C68C5458-8456-46BF-AB4F-7731DCDB7A3F", "versionEndIncluding": "6.0.3"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}