CVE-2014-8115

The default authorization constrains in KIE Workbench 6.0.x allows remote authenticated users to read or write to arbitrary files, bypass intended access restrictions, and possibly have other unspecified impact via unknown vectors.

CVSS v2.0 6.5 MEDIUM

6.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://rhn.redhat.com/errata/RHSA-2015-0234.html	Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2015-0235.html	Vendor Advisory
https://github.com/droolsjbpm/kie-wb-distributions/commit/90eed433d3
http://rhn.redhat.com/errata/RHSA-2015-0234.html	Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2015-0235.html	Vendor Advisory
https://github.com/droolsjbpm/kie-wb-distributions/commit/90eed433d3

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:redhat:kie_workbench:6.0.0:::::::*
	cpe:2.3:a:redhat:kie_workbench:6.0.1:::::::*

History

21 Nov 2024, 02:18

Type	Values Removed	Values Added
References	~~() http://rhn.redhat.com/errata/RHSA-2015-0234.html - Vendor Advisory~~	() http://rhn.redhat.com/errata/RHSA-2015-0234.html - Vendor Advisory
References	~~() http://rhn.redhat.com/errata/RHSA-2015-0235.html - Vendor Advisory~~	() http://rhn.redhat.com/errata/RHSA-2015-0235.html - Vendor Advisory
References	~~() https://github.com/droolsjbpm/kie-wb-distributions/commit/90eed433d3 -~~	() https://github.com/droolsjbpm/kie-wb-distributions/commit/90eed433d3 -

Information

Published : 2015-02-20 16:59

Updated : 2024-11-21 02:18

NVD link : CVE-2014-8115

Mitre link : CVE-2014-8115

CVE.ORG link : CVE-2014-8115

JSON object : View

Products Affected

redhat

kie_workbench

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2014-8115", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-02-20T16:59:03.290", "references": [{"url": "http://rhn.redhat.com/errata/RHSA-2015-0234.html", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-0235.html", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://github.com/droolsjbpm/kie-wb-distributions/commit/90eed433d3", "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-0234.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-0235.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/droolsjbpm/kie-wb-distributions/commit/90eed433d3", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The default authorization constrains in KIE Workbench 6.0.x allows remote authenticated users to read or write to arbitrary files, bypass intended access restrictions, and possibly have other unspecified impact via unknown vectors."}, {"lang": "es", "value": "Las limitaciones de la autorizaci\u00f3n por defecto en KIE Workbench 6.0.x permite a usuarios remotos autenticados leer o escribir a ficheros arbitrarios, evadir las restricciones de acceso, y posiblemente tener otro impacto no especificado a trav\u00e9s de vectores desconocidos."}], "lastModified": "2024-11-21T02:18:35.253", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:kie_workbench:6.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "780D9EFD-2FE7-4F86-B4F7-035E92B4A336"}, {"criteria": "cpe:2.3:a:redhat:kie_workbench:6.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52224639-65FA-4BBD-A09E-DB05E202741A"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}