Veracode Vulnerability DatabaseVERACODE:12273

HistoryJan 15, 2019 - 9:15 a.m.

Information Disclosure

2019-01-1509:15:04

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

JSON

eap7-jboss-xnio-base is vulnerable to information disclosure attacks. The vulnerability exists as an information disclosure vulnerability was found in JBoss Enterprise Application Platform before 7.0.4. It was discovered that when configuring RBAC and marking information as sensitive, users with a Monitor role are able to view the sensitive information.

CPENameOperatorVersion
eap7-picketlink-bindingseq2.5.5__3.SP3_redhat_1.1.ep7.el6
eap7-picketlink-bindingseq2.5.5__2.SP2_redhat_1.1.ep7.el6
eap7-picketlink-bindingseq2.5.5__3.SP3_redhat_1.1.ep7.el7
eap7-picketlink-bindingseq2.5.5__1.SP1_redhat_2.2.ep7.el6
eap7-picketlink-bindingseq2.5.5__2.SP2_redhat_1.1.ep7.el7
eap7-picketlink-bindingseq2.5.5__1.SP1_redhat_2.2.ep7.el7
eap7-picketlink-federationeq2.5.5__1.SP1_redhat_1.1.ep7.el7
eap7-picketlink-federationeq2.5.5__3.SP3_redhat_1.1.ep7.el6
eap7-picketlink-federationeq2.5.5__2.SP2_redhat_1.1.ep7.el6
eap7-picketlink-federationeq2.5.5__1.SP1_redhat_1.1.ep7.el6

Name	Operator	Version
eap7-picketlink-bindings	eq	2.5.5__3.SP3_redhat_1.1.ep7.el6
eap7-picketlink-bindings	eq	2.5.5__2.SP2_redhat_1.1.ep7.el6
eap7-picketlink-bindings	eq	2.5.5__3.SP3_redhat_1.1.ep7.el7
eap7-picketlink-bindings	eq	2.5.5__1.SP1_redhat_2.2.ep7.el6
eap7-picketlink-bindings	eq	2.5.5__2.SP2_redhat_1.1.ep7.el7
eap7-picketlink-bindings	eq	2.5.5__1.SP1_redhat_2.2.ep7.el7
eap7-picketlink-federation	eq	2.5.5__1.SP1_redhat_1.1.ep7.el7
eap7-picketlink-federation	eq	2.5.5__3.SP3_redhat_1.1.ep7.el6
eap7-picketlink-federation	eq	2.5.5__2.SP2_redhat_1.1.ep7.el6
eap7-picketlink-federation	eq	2.5.5__1.SP1_redhat_1.1.ep7.el6

Rows per page:

1-10 of 34481

References

rhn.redhat.com/errata/RHSA-2017-0170.html

rhn.redhat.com/errata/RHSA-2017-0171.html

rhn.redhat.com/errata/RHSA-2017-0172.html

rhn.redhat.com/errata/RHSA-2017-0173.html

rhn.redhat.com/errata/RHSA-2017-0244.html

rhn.redhat.com/errata/RHSA-2017-0245.html

rhn.redhat.com/errata/RHSA-2017-0246.html

rhn.redhat.com/errata/RHSA-2017-0247.html

rhn.redhat.com/errata/RHSA-2017-0250.html

www.securityfocus.com/bid/94222

access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/

access.redhat.com/errata/RHSA-2017:0171

access.redhat.com/errata/RHSA-2017:3454

access.redhat.com/errata/RHSA-2017:3455

access.redhat.com/errata/RHSA-2017:3456

access.redhat.com/errata/RHSA-2017:3458

access.redhat.com/security/updates/classification/#moderate

bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7061

issues.jboss.org/browse/JBEAP-5961

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

JSON

Related for VERACODE:12273