{"api_version":"1","generated_at":"2026-04-23T02:36:00+00:00","cve":"CVE-2014-0005","urls":{"html":"https://cve.report/CVE-2014-0005","api":"https://cve.report/api/cve/CVE-2014-0005.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2014-0005","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2014-0005"},"summary":{"title":"CVE-2014-0005","description":"PicketBox and JBossSX, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2 and JBoss BRMS before 6.0.3 roll up patch 2, allows remote authenticated users to read and modify the application server configuration and state by deploying a crafted application.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2015-02-20 16:59:00","updated_at":"2015-03-28 01:59:00"},"problem_types":["CWE-264"],"metrics":[],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2015-0235.html","name":"RHSA-2015:0235","refsource":"REDHAT","tags":["Vendor Advisory"],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2014-0343.html","name":"RHSA-2014:0343","refsource":"REDHAT","tags":["Vendor Advisory"],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2014-0344.html","name":"RHSA-2014:0344","refsource":"REDHAT","tags":["Vendor Advisory"],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2015-0234.html","name":"RHSA-2015:0234","refsource":"REDHAT","tags":["Vendor Advisory"],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2015-0720.html","name":"RHSA-2015:0720","refsource":"REDHAT","tags":[],"title":"Red Hat Customer 
Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2014-0345.html","name":"RHSA-2014:0345","refsource":"REDHAT","tags":["Vendor Advisory"],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2014-0005","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0005","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2014","cve_id":"5","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_enterprise_application_platform","cpe6":"6.2.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"5","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_enterprise_application_platform","cpe6":"6.2.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"5","vulnerable":"1","versionEndIncluding":"6.0.3","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_enterprise_brms_platform","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2014-0005","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"PicketBox and JBossSX, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2 and JBoss BRMS before 6.0.3 roll up patch 2, allows remote authenticated users to read and modify the application 
server configuration and state by deploying a crafted application."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_affected":"=","version_value":"n/a"}]}}]}}]}},"references":{"reference_data":[{"url":"http://rhn.redhat.com/errata/RHSA-2015-0720.html","refsource":"MISC","name":"http://rhn.redhat.com/errata/RHSA-2015-0720.html"},{"url":"http://rhn.redhat.com/errata/RHSA-2015-0234.html","refsource":"MISC","name":"http://rhn.redhat.com/errata/RHSA-2015-0234.html"},{"url":"http://rhn.redhat.com/errata/RHSA-2015-0235.html","refsource":"MISC","name":"http://rhn.redhat.com/errata/RHSA-2015-0235.html"},{"url":"http://rhn.redhat.com/errata/RHSA-2014-0343.html","refsource":"MISC","name":"http://rhn.redhat.com/errata/RHSA-2014-0343.html"},{"url":"http://rhn.redhat.com/errata/RHSA-2014-0344.html","refsource":"MISC","name":"http://rhn.redhat.com/errata/RHSA-2014-0344.html"},{"url":"http://rhn.redhat.com/errata/RHSA-2014-0345.html","refsource":"MISC","name":"http://rhn.redhat.com/errata/RHSA-2014-0345.html"}]}},"nvd":{"publishedDate":"2015-02-20 16:59:00","lastModifiedDate":"2015-03-28 
01:59:00","problem_types":["CWE-264"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:N","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":3.6},"severity":"LOW","exploitabilityScore":3.9,"impactScore":4.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:jboss_enterprise_brms_platform:*:*:*:*:*:*:*:*","versionEndIncluding":"6.0.3","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.2.2:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2014","CveId":"5","Ordinal":"66638","Title":"CVE-2014-0005","CVE":"CVE-2014-0005","Year":"2014"},"notes":[{"CveYear":"2014","CveId":"5","Ordinal":"1","NoteData":"PicketBox and JBossSX, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2 and JBoss BRMS before 6.0.3 roll up patch 2, allows remote authenticated users to read and modify the application server configuration and state by deploying a crafted application.","Type":"Description","Title":null},{"CveYear":"2014","CveId":"5","Ordinal":"2","NoteData":"2015-02-20","Type":"Other","Title":"Published"},{"CveYear":"2014","CveId":"5","Ordinal":"3","NoteData":"2015-03-26","Type":"Other","Title":"Modified"}]}}}