Lucene search

K
cvelistRedhatCVELIST:CVE-2017-12167
HistoryJul 26, 2018 - 5:00 p.m.

CVE-2017-12167

2018-07-2617:00:00
CWE-732
redhat
www.cve.org
3

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

7.1

Confidence

High

EPSS

0.001

Percentile

26.5%

It was found in EAP 7 before 7.0.9 that properties based files of the management and the application realm configuration that contain user to role mapping are world readable allowing access to users and roles information to all the users logged in to the system.

CNA Affected

[
  {
    "product": "EAP-7",
    "vendor": "Red Hat",
    "versions": [
      {
        "status": "affected",
        "version": "7.0.9"
      }
    ]
  }
]

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

7.1

Confidence

High

EPSS

0.001

Percentile

26.5%

Related for CVELIST:CVE-2017-12167