Lucene search

K
nvd[email protected]NVD:CVE-2017-12167
HistoryJul 26, 2018 - 5:29 p.m.

CVE-2017-12167

2018-07-2617:29:00
CWE-200
CWE-732
web.nvd.nist.gov

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.7

Confidence

High

EPSS

0.001

Percentile

26.5%

It was found in EAP 7 before 7.0.9 that properties based files of the management and the application realm configuration that contain user to role mapping are world readable allowing access to users and roles information to all the users logged in to the system.

Affected configurations

NVD
Node
redhatjboss_enterprise_application_platformRange<7.0.9
Node
redhatjboss_enterprise_application_platformMatch7.1.0
AND
redhatenterprise_linuxMatch6.0
OR
redhatenterprise_linuxMatch7.0
Node
redhatjboss_enterprise_application_platformMatch7.0.0
AND
redhatenterprise_linuxMatch6.0
OR
redhatenterprise_linuxMatch7.0

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.7

Confidence

High

EPSS

0.001

Percentile

26.5%