CVE-2016-5406

high

Description

The domain controller in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2 allows remote authenticated users to gain privileges by leveraging failure to propagate administrative RBAC configuration to all slaves.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1359014

https://access.redhat.com/errata/RHSA-2017:3458

https://access.redhat.com/errata/RHSA-2017:3456

https://access.redhat.com/errata/RHSA-2017:3455

https://access.redhat.com/errata/RHSA-2017:3454

http://rhn.redhat.com/errata/RHSA-2016-1841.html

http://rhn.redhat.com/errata/RHSA-2016-1840.html

http://rhn.redhat.com/errata/RHSA-2016-1839.html

http://rhn.redhat.com/errata/RHSA-2016-1838.html

Details

Source: Mitre, NVD

Published: 2016-09-26

Updated: 2017-12-15

Risk Information

CVSS v2

Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

Detections

Analytics