CVE-2014-8115

{"id": "CVE-2014-8115", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-02-20T16:59:03.290", "references": [{"url": "http://rhn.redhat.com/errata/RHSA-2015-0234.html", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-0235.html", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://github.com/droolsjbpm/kie-wb-distributions/commit/90eed433d3", "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The default authorization constrains in KIE Workbench 6.0.x allows remote authenticated users to read or write to arbitrary files, bypass intended access restrictions, and possibly have other unspecified impact via unknown vectors."}, {"lang": "es", "value": "Las limitaciones de la autorizaci\u00f3n por defecto en KIE Workbench 6.0.x permite a usuarios remotos autenticados leer o escribir a ficheros arbitrarios, evadir las restricciones de acceso, y posiblemente tener otro impacto no especificado a trav\u00e9s de vectores desconocidos."}], "lastModified": "2015-03-23T16:53:32.317", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:kie_workbench:6.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "780D9EFD-2FE7-4F86-B4F7-035E92B4A336"}, {"criteria": "cpe:2.3:a:redhat:kie_workbench:6.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52224639-65FA-4BBD-A09E-DB05E202741A"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}