CVE-2016-5406 — Redhat Jboss Enterprise Application Platform vulnerability

CWE-2645 documents5 sources

Severity

8.8HIGHNVD

EPSS

1.5%

top 18.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Jboss Enterprise Application Platform

Timeline

PublishedSep 26

Latest updateMay 17

Description

The domain controller in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2 allows remote authenticated users to gain privileges by leveraging failure to propagate administrative RBAC configuration to all slaves.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

▶NVDredhat/jboss_enterprise_application_platform7.0.1

🔴Vulnerability Details

GHSA

GHSA-5rw6-f2f7-548c: The domain controller in Red Hat JBoss Enterprise Application Platform (EAP) 7↗2022-05-17

▶

CVEList

CVE-2016-5406: The domain controller in Red Hat JBoss Enterprise Application Platform (EAP) 7↗2016-09-26

▶

📋Vendor Advisories

Red Hat

EAP7 Privilege escalation when managing domain including earlier version slaves↗2016-07-26

▶

💬Community

Bugzilla

CVE-2016-5406 EAP7 Privilege escalation when managing domain including earlier version slaves↗2016-07-22

▶