CVE-2014-3586

Name of the Vulnerable Software and Affected Versions Red Hat Enterprise Application Platform versions prior to 6.4.0 WildFly (formerly JBoss Application Server) (affected versions not specified)

Description The issue concerns the default configuration for the Command Line Interface in the affected software, which uses weak permissions for .jboss-cli-history. This weakness allows local users to obtain sensitive information via unspecified vectors.

Recommendations For Red Hat Enterprise Application Platform versions prior to 6.4.0, update to version 6.4.0 or later to resolve the issue. For WildFly (formerly JBoss Application Server), at the moment, there is no information about a newer version that contains a fix for this vulnerability.