CVE-2016-5406

Опубликовано: 26 июл. 2016

Источник: redhat

CVSS3: 7.5

CVSS2: 7

EPSS Низкий

Описание

The domain controller in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2 allows remote authenticated users to gain privileges by leveraging failure to propagate administrative RBAC configuration to all slaves.

The domain controller will not propagate its administrative RBAC configuration to some slaves. An attacker could use this to escalate their privileges.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat JBoss Enterprise Application Platform 7	DomainManagement	Not affected
Red Hat JBoss EAP 7		Fixed	RHSA-2016:1841	08.09.2016
Red Hat JBoss EAP 7		Fixed	RHSA-2017:3456	13.12.2017
Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6	eap7-activemq-artemis	Fixed	RHSA-2016:1838	08.09.2016
Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6	eap7-apache-cxf	Fixed	RHSA-2016:1838	08.09.2016
Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6	eap7-jberet	Fixed	RHSA-2016:1838	08.09.2016
Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6	eap7-jboss-jstl-api_1.2_spec	Fixed	RHSA-2016:1838	08.09.2016
Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6	eap7-jboss-security-negotiation	Fixed	RHSA-2016:1838	08.09.2016
Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6	eap7-jbossws-common	Fixed	RHSA-2016:1838	08.09.2016
Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6	eap7-jbossws-cxf	Fixed	RHSA-2016:1838	08.09.2016

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

https://bugzilla.redhat.com/show_bug.cgi?id=1359014EAP7 Privilege escalation when managing domain including earlier version slaves

EPSS

Процентиль: 81%

0.01504

Низкий

7.5 High

CVSS3

7 High

CVSS2

Связанные уязвимости

CVE-2016-5406

CVSS3: 8.8

nvd

больше 9 лет назад

GHSA-5rw6-f2f7-548c