CVE-2016-5406

Опубликовано: 26 сент. 2016

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

The domain controller in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2 allows remote authenticated users to gain privileges by leveraging failure to propagate administrative RBAC configuration to all slaves.

Ссылки

http://rhn.redhat.com/errata/RHSA-2016-1838.html
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2016-1839.html
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2016-1840.html
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2016-1841.html
Vendor Advisory
https://access.redhat.com/errata/RHSA-2017:3454
https://access.redhat.com/errata/RHSA-2017:3455
https://access.redhat.com/errata/RHSA-2017:3456
https://access.redhat.com/errata/RHSA-2017:3458
https://bugzilla.redhat.com/show_bug.cgi?id=1359014
Issue Tracking
VDB Entry
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2016-1838.html
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2016-1839.html
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2016-1840.html
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2016-1841.html
Vendor Advisory
https://access.redhat.com/errata/RHSA-2017:3454
https://access.redhat.com/errata/RHSA-2017:3455
https://access.redhat.com/errata/RHSA-2017:3456
https://access.redhat.com/errata/RHSA-2017:3458
https://bugzilla.redhat.com/show_bug.cgi?id=1359014
Issue Tracking
VDB Entry
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:redhat:jboss_enterprise_application_platform:*:*:*:*:*:*:*:*

Версия до 7.0.1 (включая)

Одно из

cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

EPSS

Процентиль: 81%

0.01504

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

CVE-2016-5406

CVSS3: 7.5

redhat

больше 9 лет назад

GHSA-5rw6-f2f7-548c