VYPR
Medium severity5.9NVD Advisory· Published Jan 2, 2020· Updated Jun 17, 2026

CVE-2014-0245

CVE-2014-0245

Description

It was found that the implementation of the GTNSubjectCreatingInterceptor class in gatein-wsrp was not thread safe. For a specific WSRP endpoint, under high-concurrency scenarios or scenarios where SOAP messages take long to execute, it was possible for an unauthenticated remote attacker to gain privileged information if WS-Security is enabled for the WSRP Consumer, and the endpoint in question is being used by a privileged user. This affects JBoss Portal 6.2.0.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Red Hat/Jboss Portalllm-fuzzy2 versions
    = 6.2.0+ 1 more
    • (no CPE)range: = 6.2.0
    • (no CPE)range: 6.2.0

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.