PT-2014-3475 · Red Hat · Red Hat Jboss Enterprise Application Platform

Published 2014-04-03 · Updated 2017-01-07 · CVE-2014-0093

CVSS v2.0: 5.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Red Hat JBoss Enterprise Application Platform (JBEAP) version 6.2.2

Description

The issue is related to the improper application of permissions defined by a policy file when using a Java Security Manager (JSM). This causes applications to be granted the java.security.AllPermission permission, allowing remote attackers to bypass intended access restrictions.

Recommendations

For Red Hat JBoss Enterprise Application Platform (JBEAP) version 6.2.2, consider updating the policy file to properly restrict permissions and ensure the Java Security Manager (JSM) is correctly configured to enforce these restrictions. As a temporary workaround, restrict access to sensitive applications and resources to minimize the risk of exploitation.
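
To confirm that the JSM is actually enforcing the policy for a deployment, the effective permissions can be probed at runtime. The following is an added example, not code from Red Hat or from this advisory; the class name `EffectivePermissionProbe` and the probe list are assumptions chosen for illustration.

```java
import java.io.FilePermission;
import java.security.AllPermission;
import java.security.Permission;
import java.util.LinkedHashMap;
import java.util.Map;

/** Hypothetical helper: reports which permissions the calling code really holds under the JSM. */
public class EffectivePermissionProbe {

    // Constructed probe list: permissions a restrictive policy is assumed to deny.
    static final Permission[] PROBES = {
        new AllPermission(),
        new RuntimePermission("setSecurityManager"),
        new RuntimePermission("createClassLoader"),
        new FilePermission("<<ALL FILES>>", "write")
    };

    /** True if every protection domain on the current call stack is granted p. */
    static boolean granted(SecurityManager sm, Permission p) {
        try {
            sm.checkPermission(p);
            return true;
        } catch (SecurityException denied) {
            return false;
        }
    }

    /** Probe name -> granted?; returns null when no security manager is installed. */
    static Map<String, Boolean> probe() {
        SecurityManager sm = System.getSecurityManager();
        if (sm == null) {
            return null;
        }
        Map<String, Boolean> result = new LinkedHashMap<String, Boolean>();
        for (Permission p : PROBES) {
            result.put(p.getClass().getSimpleName() + " " + p.getName(), granted(sm, p));
        }
        return result;
    }

    public static void main(String[] args) {
        Map<String, Boolean> result = probe();
        if (result == null) {
            System.out.println("No security manager installed: the policy file is not enforced");
            return;
        }
        for (Map.Entry<String, Boolean> e : result.entrySet()) {
            System.out.println((e.getValue() ? "GRANTED " : "denied  ") + e.getKey());
        }
    }
}
```

Call `probe()` from inside the deployed application so that the deployment's own protection domain is on the call stack. A `GRANTED` result for `AllPermission` means the policy file is not restricting that deployment.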

Fix

Weakness Enumeration

Related identifiers

CVE-2014-0093
RHSA-2014:0343
RHSA-2014:0344

Affected products

Red Hat Jboss Enterprise Application Platform