CVE-2010-0737

CWE-732 — Incorrect Permission Assignment5 documents5 sources

Severity

8.0HIGH

EPSS

0.1%

top 67.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Jboss Operations Network RED HAT Jboss

Timeline

PublishedOct 30

Latest updateApr 21

Description

A missing permission check was found in The CLI in JBoss Operations Network before 2.3.1 does not properly check permissions, which allows JBoss ON users to perform management tasks and configuration changes with the privileges of the administrator user.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.1 | Impact: 5.9

Affected Packages2 packages

▶NVDredhat/jboss_operations_network< 2.3.1

▶CVEListV5red_hat/jboss2.3.1

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-25q7-6x5v-rx9h: A missing permission check was found in The CLI in JBoss Operations Network before 2↗2022-04-21

▶

CVEList

CVE-2010-0737: A missing permission check was found in The CLI in JBoss Operations Network before 2↗2019-10-30

▶

📋Vendor Advisories

Red Hat

JBoss ON CLI privilege escalation↗2010-03-18

▶

💬Community

Bugzilla

CVE-2010-0737 JBoss ON CLI privilege escalation↗2011-09-02

▶