Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2017-12167

Опубликовано: 26 июл. 2018
Источник: nvd
CVSS3: 5.5
CVSS2: 2.1
EPSS Низкий

Описание

It was found in EAP 7 before 7.0.9 that properties based files of the management and the application realm configuration that contain user to role mapping are world readable allowing access to users and roles information to all the users logged in to the system.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:redhat:jboss_enterprise_application_platform:*:*:*:*:*:*:*:*
Версия до 7.0.9 (исключая)
Конфигурация 2

Одновременно

cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1.0:*:*:*:*:*:*:*

Одно из

cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
Конфигурация 3

Одновременно

cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*

Одно из

cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

EPSS

Процентиль: 16%
0.00051
Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-732
CWE-200

Связанные уязвимости

redhat логотип

CVE-2017-12167

CVSS3: 5.5
redhat
больше 8 лет назад

It was found in EAP 7 before 7.0.9 that properties based files of the management and the application realm configuration that contain user to role mapping are world readable allowing access to users and roles information to all the users logged in to the system.

github логотип

GHSA-5gp7-3qfp-8548

CVSS3: 5.5
github
больше 3 лет назад

It was found in EAP 7 before 7.0.9 that properties based files of the management and the application realm configuration that contain user to role mapping are world readable allowing access to users and roles information to all the users logged in to the system.

EPSS

Процентиль: 16%
0.00051
Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-732
CWE-200