7.8

CVE-2017-12189

EPSS 0.05%
Veröffentlicht 10.01.2018 19:29:00
Zuletzt bearbeitet 21.11.2024 03:09:01
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

It was discovered that the jboss init script as used in Red Hat JBoss Enterprise Application Platform 7.0.7.GA performed unsafe file handling which could result in local privilege escalation. This issue is a result of an incomplete fix for CVE-2016-8656.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Redhat ≫ Jboss Enterprise Application Platform Version7.0

Redhat ≫ Enterprise Linux Version6.0

Redhat ≫ Enterprise Linux Version7.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.121

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P

CWE-282 Improper Ownership Management

The product assigns the wrong ownership, or does not properly verify the ownership, of an object or resource.

https://access.redhat.com/errata/RHSA-2018:0002

Patch

Vendor Advisory

https://access.redhat.com/errata/RHSA-2018:0003

Patch

Vendor Advisory

https://access.redhat.com/errata/RHSA-2018:0004

Patch

Vendor Advisory

https://access.redhat.com/errata/RHSA-2018:0005

Patch

Vendor Advisory

http://www.securityfocus.com/bid/102407

Third Party Advisory

VDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12189

Third Party Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2017-12189

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-12189

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-12189

EUVD