Lucene search

Veracode Vulnerability DatabaseVERACODE:17608

HistoryMay 02, 2019 - 5:49 a.m.

Privilege Escalation

2019-05-0205:49:16

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

JSON

Red Hat JBoss Enterprise Application Platform is vulnerable to privilege escalation vulnerability. The domain controller in EAP will not propagate its administrative RBAC configuration to some slaves. An unauthenticated attacker could gain gain elevated privileges by leveraging failure to propagate administrative RBAC configuration to all slaves.

CPENameOperatorVersion
eap7-xalan-j2eq2.7.1__24.redhat_10.1.ep7.el7
eap7-xalan-j2eq2.7.1__24.redhat_10.1.ep7.el6
eap7-jbereteq1.2.0__3.Final_redhat_1.1.ep7.el6
eap7-jbereteq1.2.1__1.Final_redhat_1.1.ep7.el7
eap7-jbereteq1.2.1__1.Final_redhat_1.1.ep7.el6
eap7-jbereteq1.2.0__3.Final_redhat_1.1.ep7.el7
eap7-picketlink-bindingseq2.5.5__1.SP1_redhat_2.2.ep7.el6
eap7-picketlink-bindingseq2.5.5__2.SP2_redhat_1.1.ep7.el6
eap7-picketlink-bindingseq2.5.5__2.SP2_redhat_1.1.ep7.el7
eap7-picketlink-bindingseq2.5.5__1.SP1_redhat_2.2.ep7.el7

Name	Operator	Version
eap7-xalan-j2	eq	2.7.1__24.redhat_10.1.ep7.el7
eap7-xalan-j2	eq	2.7.1__24.redhat_10.1.ep7.el6
eap7-jberet	eq	1.2.0__3.Final_redhat_1.1.ep7.el6
eap7-jberet	eq	1.2.1__1.Final_redhat_1.1.ep7.el7
eap7-jberet	eq	1.2.1__1.Final_redhat_1.1.ep7.el6
eap7-jberet	eq	1.2.0__3.Final_redhat_1.1.ep7.el7
eap7-picketlink-bindings	eq	2.5.5__1.SP1_redhat_2.2.ep7.el6
eap7-picketlink-bindings	eq	2.5.5__2.SP2_redhat_1.1.ep7.el6
eap7-picketlink-bindings	eq	2.5.5__2.SP2_redhat_1.1.ep7.el7
eap7-picketlink-bindings	eq	2.5.5__1.SP1_redhat_2.2.ep7.el7

Rows per page:

1-10 of 9941

References

rhn.redhat.com/errata/RHSA-2016-1838.html

rhn.redhat.com/errata/RHSA-2016-1839.html

rhn.redhat.com/errata/RHSA-2016-1840.html

rhn.redhat.com/errata/RHSA-2016-1841.html

access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/?version=7.0/

access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-7.0/702-release-notes/

access.redhat.com/errata/RHSA-2017:3454

access.redhat.com/errata/RHSA-2017:3455

access.redhat.com/errata/RHSA-2017:3456

access.redhat.com/errata/RHSA-2017:3458

access.redhat.com/security/updates/classification/#important

bugzilla.redhat.com/show_bug.cgi?id=1359014

issues.jboss.org/browse/JBEAP-4731

rhn.redhat.com/errata/RHSA-2016-1838.html

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

JSON

Related for VERACODE:17608