CVE-2016-2171

CWE-2643 documents3 sources
Severity
7.5HIGH
EPSS
10.3%
top 6.82%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apache Jetspeed
Timeline
PublishedApr 11
Latest updateMay 17

Description

The User Manager service in Apache Jetspeed before 2.3.1 does not properly restrict access using Jetspeed Security, which allows remote attackers to (1) add, (2) edit, or (3) delete users via the REST API.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

NVDapache/jetspeed2.3.0

Patches

Patch: portals.apache.orgPatch: portals.apache.org

🔴Vulnerability Details

2
GHSA
GHSA-q4gp-393m-x83p: The User Manager service in Apache Jetspeed before 22022-05-17
CVEList
CVE-2016-2171: The User Manager service in Apache Jetspeed before 22016-04-11
CVE-2016-2171 (HIGH CVSS 7.5) | The User Manager service in Apache | cvebase.io