CVE-2014-0169
MEDIUM
JBoss Enterprise Application Platform 6 - Incorrect Authorization via Shared Security Domain Cache
Title source: llm
Description
In JBoss EAP 6, a security domain is configured to use a cache that is shared between all applications in that security domain. This could allow a user authenticated in one application to access protected resources in another application without proper authorization. Although this is intended functionality, it was not clearly documented, which can mislead users into thinking that a security domain cache is isolated to a single application.
References (2)
Issue Tracking, Vendor Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0169
Vendor Advisory x_refsource_misc
https://access.redhat.com/security/cve/cve-2014-0169
Scores
CVSS v3
6.5
EPSS
0.0078
EPSS Percentile
51.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-863
Status
published
Products (1)
redhat/jboss_enterprise_application_platform
6.0.0
Published
Jan 02, 2020
Tracked Since
Feb 18, 2026