CVE-2016-7066

CWE-266 CWE-2755 documents5 sources

Severity

7.8HIGH

EPSS

0.0%

top 92.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Jboss Enterprise Application Platform RED HAT Jboss Enterprise Application Platform

Timeline

PublishedSep 11

Latest updateMay 13

Description

It was found that the improper default permissions on /tmp/auth directory in JBoss Enterprise Application Platform before 7.1.0 can allow any local user to connect to CLI and allow the user to execute any arbitrary operations.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDredhat/jboss_enterprise_application_platform< 7.1.0

▶CVEListV5red_hat/jboss_enterprise_application_platform7.1.0

🔴Vulnerability Details

GHSA

GHSA-rwrh-4w4j-q9mq: It was found that the improper default permissions on /tmp/auth directory in JBoss Enterprise Application Platform before 7↗2022-05-13

▶

CVEList

CVE-2016-7066: It was found that the improper default permissions on /tmp/auth directory in JBoss Enterprise Application Platform before 7↗2018-09-11

▶

📋Vendor Advisories

Red Hat

admin-cli: Any local users can connect to jboss-cli↗2017-12-13

▶

💬Community

Bugzilla

CVE-2016-7066 admin-cli: Any local users can connect to jboss-cli↗2016-12-05

▶