Описание
Red Hat JBoss Fuse before 6.2.0 allows remote authenticated users to bypass intended restrictions and access the HawtIO console by leveraging an account defined in the users.properties file.
It was found that JBoss Fuse would allow any user defined in the users.properties file to access the HawtIO console without having a valid admin role. This could allow a remote attacker to bypass intended authentication HawtIO console access restrictions.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat JBoss Enterprise Web Server 1 | fuse-6.1 | Affected | ||
| Red Hat JBoss A-MQ 6.2 | Fixed | RHSA-2015:1177 | 23.06.2015 | |
| Red Hat JBoss Fuse 6.2 | Fixed | RHSA-2015:1176 | 23.06.2015 |
Показывать по
Дополнительная информация
Статус:
EPSS
6.8 Medium
CVSS2
Связанные уязвимости
Red Hat JBoss Fuse before 6.2.0 allows remote authenticated users to bypass intended restrictions and access the HawtIO console by leveraging an account defined in the users.properties file.
Red Hat JBoss Fuse before 6.2.0 allows remote authenticated users to bypass intended restrictions and access the HawtIO console by leveraging an account defined in the users.properties file.
EPSS
6.8 Medium
CVSS2