5.5

CVE-2017-12167

It was found in EAP 7 before 7.0.9 that properties based files of the management and the application realm configuration that contain user to role mapping are world readable allowing access to users and roles information to all the users logged in to the system.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RedhatJboss Enterprise Application Platform Version7.1.0
   RedhatEnterprise Linux Version6.0
   RedhatEnterprise Linux Version7.0
RedhatJboss Enterprise Application Platform Version7.0.0
   RedhatEnterprise Linux Version6.0
   RedhatEnterprise Linux Version7.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.38% 0.292
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 2.1 3.9 2.9
AV:L/AC:L/Au:N/C:P/I:N/A:N
secalert@redhat.com 5.5 1.8 3.6
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE-732 Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

https://access.redhat.com/errata/RHSA-2018:0002
Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:0003
Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:0004
Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:0005
Vendor Advisory
https://access.redhat.com/errata/RHSA-2017:3454
Vendor Advisory
https://access.redhat.com/errata/RHSA-2017:3455
Vendor Advisory
https://access.redhat.com/errata/RHSA-2017:3456
Vendor Advisory
https://access.redhat.com/errata/RHSA-2017:3458
Vendor Advisory
http://www.securityfocus.com/bid/100903
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12167
Vendor Advisory
Issue Tracking