Описание
The default authorization constrains in KIE Workbench 6.0.x allows remote authenticated users to read or write to arbitrary files, bypass intended access restrictions, and possibly have other unspecified impact via unknown vectors.
It was discovered that the default authorization constrains applied on servelets deployed in the KIE Workbench application were insufficient. A remote, authenticated user without sufficient privileges could use this flaw to upload or download arbitrary files, perform privileged actions that otherwise cannot be accessed, or perform other more complex attacks.
Отчет
Red Hat JBoss BRMS 5 is now in Phase 3, Extended Life Support, of its life cycle. This issue has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat JBoss Middleware and Red Hat JBoss Operations Network Product Update and Support Policy: https://access.redhat.com/support/policy/updates/jboss_notes/
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat JBoss BRMS 5 | droolsjbpm | Will not fix | ||
| Red Hat JBoss BPMS 6.0 | kie-workbench | Fixed | RHSA-2015:0234 | 17.02.2015 |
| Red Hat JBoss BRMS 6.0 | kie-workbench | Fixed | RHSA-2015:0235 | 17.02.2015 |
Показывать по
Дополнительная информация
Статус:
5.5 Medium
CVSS2
Связанные уязвимости
The default authorization constrains in KIE Workbench 6.0.x allows remote authenticated users to read or write to arbitrary files, bypass intended access restrictions, and possibly have other unspecified impact via unknown vectors.
The default authorization constrains in KIE Workbench 6.0.x allows remote authenticated users to read or write to arbitrary files, bypass intended access restrictions, and possibly have other unspecified impact via unknown vectors.
5.5 Medium
CVSS2