Lucene search

[email protected]CVE-2016-7061

HistorySep 10, 2018 - 4:29 p.m.

CVE-2016-7061

2018-09-1016:29:00

CWE-200

[email protected]

web.nvd.nist.gov

cve-2016-7061

information disclosure

vulnerability

jboss eap

rbac

sensitive information

nvd

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.3 Medium

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

52.8%

JSON

An information disclosure vulnerability was found in JBoss Enterprise Application Platform before 7.0.4. It was discovered that when configuring RBAC and marking information as sensitive, users with a Monitor role are able to view the sensitive information.

CPENameOperatorVersion
redhat:jboss_enterprise_application_platformredhat jboss enterprise application platformlt7.0.4

CPE	Name	Operator	Version
redhat:jboss_enterprise_application_platform	redhat jboss enterprise application platform	lt	7.0.4

References

rhn.redhat.com/errata/RHSA-2017-0170.html

rhn.redhat.com/errata/RHSA-2017-0171.html

rhn.redhat.com/errata/RHSA-2017-0172.html

rhn.redhat.com/errata/RHSA-2017-0173.html

rhn.redhat.com/errata/RHSA-2017-0244.html

rhn.redhat.com/errata/RHSA-2017-0245.html

rhn.redhat.com/errata/RHSA-2017-0246.html

rhn.redhat.com/errata/RHSA-2017-0247.html

rhn.redhat.com/errata/RHSA-2017-0250.html

www.securityfocus.com/bid/94222

access.redhat.com/errata/RHSA-2017:3454

access.redhat.com/errata/RHSA-2017:3455

access.redhat.com/errata/RHSA-2017:3456

access.redhat.com/errata/RHSA-2017:3458

bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7061

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.3 Medium

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

52.8%

JSON

Related for CVE-2016-7061

redhatcve1 veracode1 prion1 redhat13 nessus10