Lucene search

RedhatCVELIST:CVE-2016-8648

HistoryAug 01, 2018 - 2:00 p.m.

CVE-2016-8648

2018-08-0114:00:00

CWE-502

redhat

www.cve.org

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

40.6%

JSON

It was found that the Karaf container used by Red Hat JBoss Fuse 6.x, and Red Hat JBoss A-MQ 6.x, deserializes objects passed to MBeans via JMX operations. An attacker could use this flaw to execute remote code on the server as the user running the Java Virtual Machine if the target MBean contain deserialization gadgets in its classpath.

CNA Affected

[
  {
    "product": "Karaf",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "status": "affected",
        "version": "As shipped with Jboss Fuse 6.x"
      }
    ]
  }
]

References

www.securityfocus.com/bid/94513

bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8648

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

40.6%

JSON

Related for CVELIST:CVE-2016-8648