The domain controller in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2 allows remote authenticated users to gain privileges by leveraging failure to propagate administrative RBAC configuration to all slaves.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1359014 | Issue Tracking VDB Entry Vendor Advisory |
http://rhn.redhat.com/errata/RHSA-2016-1838.html | Vendor Advisory |
http://rhn.redhat.com/errata/RHSA-2016-1840.html | Vendor Advisory |
http://rhn.redhat.com/errata/RHSA-2016-1841.html | Vendor Advisory |
http://rhn.redhat.com/errata/RHSA-2016-1839.html | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2017:3458 | |
https://access.redhat.com/errata/RHSA-2017:3456 | |
https://access.redhat.com/errata/RHSA-2017:3455 | |
https://access.redhat.com/errata/RHSA-2017:3454 |
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2016-09-26 07:59
Updated : 2017-12-14 18:29
NVD link : CVE-2016-5406
Mitre link : CVE-2016-5406
JSON object : View
CWE
CWE-264
Permissions, Privileges, and Access Controls
Products Affected
redhat
- enterprise_linux
- jboss_enterprise_application_platform