CVE-2017-12167 — Incorrect Permission Assignment in Redhat Jboss Enterprise Application Platform

CWE-732 — Incorrect Permission Assignment CWE-200 — Sensitive Information Exposure5 documents5 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 83.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Jboss Enterprise Application Platform RED HAT Eap-7

Timeline

PublishedJul 26

Latest updateMay 13

Description

It was found in EAP 7 before 7.0.9 that properties based files of the management and the application realm configuration that contain user to role mapping are world readable allowing access to users and roles information to all the users logged in to the system.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶NVDredhat/jboss_enterprise_application_platform< 7.0.9+2

▶CVEListV5red_hat/eap-77.0.9

🔴Vulnerability Details

GHSA

GHSA-5gp7-3qfp-8548: It was found in EAP 7 before 7↗2022-05-13

▶

CVEList

CVE-2017-12167: It was found in EAP 7 before 7↗2018-07-26

▶

📋Vendor Advisories

Red Hat

EAP-7: Wrong privileges on multiple property files↗2017-09-14

▶

💬Community

Bugzilla

CVE-2017-12167 EAP-7: Wrong privileges on multiple property files↗2017-09-14

▶