CVE-2014-7827

Security: Wrong security context loaded when using SAML2 STS Login Module

Severity Score

3.5

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The org.jboss.security.plugins.mapping.JBossMappingManager implementation in JBoss Security in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 uses the default security domain when a security domain is undefined, which allows remote authenticated users to bypass intended access restrictions by leveraging credentials on the default domain for a role that is also on the application domain.

La implementación org.jboss.security.plugins.mapping.JBossMappingManager en JBoss Security en Red Hat JBoss Enterprise Application Platform (EAP) anterior a 6.3.3 utiliza el dominio de seguridad por defecto cuando un dominio de seguridad no está definido, lo que permite a usuarios remotos autenticados evadir las restricciones de acceso mediante el aprovechamiento de las credenciales en el dominio por defecto para un rol que también está en el dominio de la aplicación.

It was found that when processing undefined security domains, the org.jboss.security.plugins.mapping.JBossMappingManager implementation would fall back to the default security domain if it was available. A user with valid credentials in the defined default domain, with a role that is valid in the expected application domain, could perform actions that were otherwise not available to them. When using the SAML2 STS Login Module, JBossMappingManager exposed this issue due to the PicketLink Trust SecurityActions implementation using a hardcoded default value when defining the context.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Medium

Authentication

Single

Confidentiality

None

Integrity

Partial

Availability

None

Attack Vector

Network

Attack Complexity

Medium

Authentication

Single

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2014-10-03 CVE Reserved
2015-02-12 CVE Published
2023-03-07 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-264: Permissions, Privileges, and Access Controls
CWE-863: Incorrect Authorization

CAPEC

References (10)

URL	Tag	Source
http://www.securitytracker.com/id/1031741	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/100889	Vdb Entry

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://rhn.redhat.com/errata/RHSA-2015-0215.html	2017-09-08
http://rhn.redhat.com/errata/RHSA-2015-0216.html	2017-09-08
http://rhn.redhat.com/errata/RHSA-2015-0217.html	2017-09-08
http://rhn.redhat.com/errata/RHSA-2015-0218.html	2017-09-08
http://rhn.redhat.com/errata/RHSA-2015-0850.html	2017-09-08
http://rhn.redhat.com/errata/RHSA-2015-0851.html	2017-09-08
https://access.redhat.com/security/cve/CVE-2014-7827	2015-04-16
https://bugzilla.redhat.com/show_bug.cgi?id=1160574	2015-04-16

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Redhat Search vendor "Redhat"		Jboss Enterprise Application Platform Search vendor "Redhat" for product "Jboss Enterprise Application Platform"				<= 6.3.2 Search vendor "Redhat" for product "Jboss Enterprise Application Platform" and version " <= 6.3.2"		-		Affected