7.8

CVE-2017-12189

EPSS 0.05%
Published 10.01.2018 19:29:00
Last modified 21.11.2024 03:09:01
Source secalert@redhat.com
Teams watchlist Login
Open Login

It was discovered that the jboss init script as used in Red Hat JBoss Enterprise Application Platform 7.0.7.GA performed unsafe file handling which could result in local privilege escalation. This issue is a result of an incomplete fix for CVE-2016-8656.

Affected products Warnungen 0 Metrics 3 CWE 1 References 9

Data is provided by the National Vulnerability Database (NVD)

Redhat ≫ Jboss Enterprise Application Platform Version7.0

Redhat ≫ Enterprise Linux Version6.0

Redhat ≫ Enterprise Linux Version7.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.05%	0.121

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P

CWE-282 Improper Ownership Management

The product assigns the wrong ownership, or does not properly verify the ownership, of an object or resource.

https://access.redhat.com/errata/RHSA-2018:0002

Patch

Vendor Advisory

https://access.redhat.com/errata/RHSA-2018:0003

Patch

Vendor Advisory

https://access.redhat.com/errata/RHSA-2018:0004

Patch

Vendor Advisory

https://access.redhat.com/errata/RHSA-2018:0005

Patch

Vendor Advisory

http://www.securityfocus.com/bid/102407

Third Party Advisory

VDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12189

Third Party Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2017-12189

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-12189

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-12189

EUVD