CVE-2016-5422

CWE-264 CWE-2855 documents5 sources

Severity

8.8HIGH

EPSS

0.7%

top 27.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Jboss Operations Network

Timeline

PublishedSep 7

Latest updateMay 17

Description

The web console in Red Hat JBoss Operations Network (JON) before 3.3.7 does not properly authorize requests to add users with the super user role, which allows remote authenticated users to gain admin privileges via a crafted POST request.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

▶NVDredhat/jboss_operations_network3.3.6

Patches

Patch: rhn.redhat.com ↗Patch: rhn.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-m8fx-9gm9-phm3: The web console in Red Hat JBoss Operations Network (JON) before 3↗2022-05-17

▶

CVEList

CVE-2016-5422: The web console in Red Hat JBoss Operations Network (JON) before 3↗2016-09-07

▶

📋Vendor Advisories

Red Hat

JON3: privilege escalation via improper authorization↗2016-08-31

▶

💬Community

Bugzilla

CVE-2016-5422 JON3: privilege escalation via improper authorization↗2016-08-01

▶