← Back

CVE-2014-0121

nvd nist
Published: Dec 29, 2017Modified: May 13, 2026

JSON object

Loading...
9.8
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

The admin terminal in Hawt.io does not require authentication, which allows remote attackers to execute arbitrary commands via the k parameter.

Affected (2)

Products: Hawt: Hawtio · Redhat: Jboss Fuse
Hawt
1 product
Hawtio
Redhat
1 product
Jboss Fuse
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Hawtio
Up to 1.2.2
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Jboss Fuse
Version 6.1.0 beta

Related CWEs

CWE-287
Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (6)

Source: secalert@redhat.com
Issue TrackingPatchThird Party Advisory
Source: secalert@redhat.com
Issue TrackingPatchThird Party Advisory
Source: secalert@redhat.com
Issue TrackingThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingPatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingPatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingThird Party Advisory

Timeline

No history available yet.