CVE-2014-0245 is a vulnerability in Red Hat Jboss Portal
Published on January 2, 2020
It was found that the implementation of the GTNSubjectCreatingInterceptor class in gatein-wsrp was not thread safe. For a specific WSRP endpoint, under high-concurrency scenarios or scenarios where SOAP messages take long to execute, it was possible for an unauthenticated remote attacker to gain privileged information if WS-Security is enabled for the WSRP Consumer, and the endpoint in question is being used by a privileged user. This affects JBoss Portal 6.2.0.
Products Associated with CVE-2014-0245
Want to know whenever a new CVE is published for Red Hat Jboss Portal? stack.watch will email you.
Affected Versions
Red Hat JBoss Portal Version 6.2.0 is affected by CVE-2014-0245Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.