CVE-2014-8175 – org.jboss.redhat-fuse:redhat-fuse

Package

Manager: maven
Name: org.jboss.redhat-fuse:redhat-fuse
Vulnerable Version: >=0 <=6.1.0

Severity

Level: Low

CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L

EPSS: N/A pctlN/A

Details

Red Hat JBoss Fuse before 6.2.0 allows remote authenticated users to bypass intended restrictions and access the HawtIO console by leveraging an account defined in the users.properties file.

Metadata

Created:
Modified:
Source: MANUAL
CWE IDs: ["CWE-79"]
Alternative ID: N/A
Finding: F008
Auto approve: 1