EAP: Sensitive data can be exposed at the server level in domain mode

🗓️ 02 Feb 2017 21:03:53Reported by RedHatType

redhat

redhat🔗 access.redhat.com👁 4 Views

RBAC in domain mode allows monitor role to view sensitive data marked as such at the server level.

Reporter	Title	Published	Views	Family All 55
Circl	CVE-2016-7061	10 Sep 201820:18	–	circl
CNVD	Redhat JBoss Enterprise Application Platform Information Disclosure Vulnerability	14 Nov 201600:00	–	cnvd
CVE	CVE-2016-7061	10 Sep 201816:00	–	cve
Cvelist	CVE-2016-7061	10 Sep 201816:00	–	cvelist
EUVD	EUVD-2016-7941	7 Oct 202500:30	–	euvd
NVD	CVE-2016-7061	10 Sep 201816:29	–	nvd
OSV	CVE-2016-7061	10 Sep 201816:29	–	osv
OSV	RHSA-2017:0170 Red Hat Security Advisory: JBoss Enterprise Application Platform 7.0.4 on RHEL 6	13 Sep 202414:38	–	osv
OSV	RHSA-2017:0171 Red Hat Security Advisory: JBoss Enterprise Application Platform 7.0.4 for RHEL 7	13 Sep 202414:38	–	osv
OSV	RHSA-2017:0173 Red Hat Security Advisory: eap7-jboss-ec2-eap security update	13 Sep 202414:38	–	osv

OS	OS Version	Architecture	Package	Package Version	Filename
Red Hat Enterprise Linux	6	any	jboss-ec2-eap	0:7.5.13-1.Final_redhat_2.ep6.el6.noarch	jboss-ec2-eap-0:7.5.13-1.Final_redhat_2.ep6.el6.noarch.noarch.rpm
Red Hat Enterprise Linux	6	any	jboss-ec2-eap-samples	0:7.5.13-1.Final_redhat_2.ep6.el6.noarch	jboss-ec2-eap-samples-0:7.5.13-1.Final_redhat_2.ep6.el6.noarch.noarch.rpm

Source	Link
access	www.access.redhat.com/security/cve/CVE-2016-7061
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
nvd	www.nvd.nist.gov/vuln/detail/CVE-2016-7061
cve	www.cve.org/CVERecord

13 May 2026 01:17Current

7.3High risk

Vulners AI Score7.3

CVSS 24

CVSS 33.5 - 6.5

EPSS0.01766

role based access domain mode monitor role sensitive data server level data marking