CVE-2015-0297
Red Hat JBoss Operations Network 3.3.1 - Improper Access Control
Title source: llmDescription
Red Hat JBoss Operations Network 3.3.1 does not properly restrict access to certain APIs, which allows remote attackers to execute arbitrary Java methods via the (1) ServerInvokerServlet or (2) SchedulerService or (3) cause a denial of service (disk consumption) via the ContentManager.
References (2)
Core 2
Core References
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-0862.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1032181
Scores
EPSS
0.0220
EPSS Percentile
80.3%
Details
CWE
CWE-284
Status
published
Products (1)
redhat/jboss_operations_network
3.3.1
Published
Apr 24, 2015
Tracked Since
Feb 18, 2026