VIR Vulnerability Intelligence Relay

CVE-2014-8114

medium
Published 2015-02-20 · Modified 2023-11-08
CVSS v3
CVSS v2
6.8
VIR risk
6.8

Description

UberFire Framework Improperly Restricts Paths

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://rhn.redhat.com/errata/RHSA-2015-0235.html

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://rhn.redhat.com/errata/RHSA-2015-0234.html

Package impact
EcosystemPackageVulnerableFixed
java Mavenorg.uberfire:uberfire-parent>=0.3.0.Beta5,<=0.3.1.Final

Application impact
VendorProductVersionsFixed
redhatuberfire0.3.0
redhatuberfire0.3.1
redhatuberfire0.3.2
redhatuberfire0.3.3

References

CWEs

CWE-264

Verify integrity in audit chain (admin only). AS-IS.