CVE-2015-0297

Red Hat JBoss Operations Network 3.3.1 - Improper Access Control


Description

Red Hat JBoss Operations Network 3.3.1 does not properly restrict access to certain APIs, which allows remote attackers to execute arbitrary Java methods via the (1) ServerInvokerServlet or (2) SchedulerService, or (3) to cause a denial of service (disk consumption) via the ContentManager.

References (2)

Vendor Advisory (Red Hat): http://rhn.redhat.com/errata/RHSA-2015-0862.html
Third Party Advisory, VDB Entry (SecurityTracker): http://www.securitytracker.com/id/1032181

Scores

EPSS 0.0220
EPSS Percentile 80.3%

Details

CWE
CWE-284
Status published
Products (1)
redhat/jboss_operations_network 3.3.1
Published Apr 24, 2015
Tracked Since Feb 18, 2026