CVE-2016-5422
published 2016-09-07CVE-2016-5422: The web console in Red Hat JBoss Operations Network (JON) before 3.3.7 does not properly authorize requests to add users with the super user role, which allows…
high8.8CVSS 3.0
AVNACLPRLUINSUCHIHAH
The web console in Red Hat JBoss Operations Network (JON) before 3.3.7 does not properly authorize requests to add users with the super user role, which allows remote authenticated users to gain admin privileges via a crafted POST request.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| redhat | jboss_operations_network | <= 3.3.6 | — |