{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-13T19:38:00.534","vulnerabilities":[{"cve":{"id":"CVE-2014-0169","sourceIdentifier":"secalert@redhat.com","published":"2020-01-02T20:15:16.663","lastModified":"2024-11-21T02:01:32.593","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In JBoss EAP 6 a security domain is configured to use a cache that is shared between all applications that are in the security domain. This could allow an authenticated user in one application to access protected resources in another application without proper authorization. Although this is an intended functionality, it was not clearly documented which can mislead users into thinking that a security domain cache is isolated to a single application."},{"lang":"es","value":"En JBoss EAP versión 6, un dominio de seguridad está configurado para usar una caché que es compartida entre todas las aplicaciones que están en el dominio de seguridad. Esto podría permitir a un usuario autenticado en una aplicación acceder a recursos protegidos en otra aplicación sin la autorización apropiada. Aunque esta es una funcionalidad prevista, no fue documentada claramente lo que puede inducir a  usuarios a pensar erradamente que una caché de dominio de seguridad está aislada en una única aplicación."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*","matchCriteriaId":"B142ACCC-F7A9-4A3B-BE60-0D6691D5058D"}]}]}],"references":[{"url":"https://access.redhat.com/security/cve/cve-2014-0169","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0169","source":"secalert@redhat.com","tags":["Issue Tracking","Vendor Advisory"]},{"url":"https://access.redhat.com/security/cve/cve-2014-0169","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0169","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Vendor Advisory"]}]}}]}