Description

It was discovered that the jboss init script as used in Red Hat JBoss Enterprise Application Platform 7.0.7.GA performed unsafe file handling which could result in local privilege escalation. This issue is a result of an incomplete fix for CVE-2016-8656.

Remediation

References

CVE-2017-12189

Related Vulnerabilities

Atlassian Jira Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-4022)

MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-35480)

WordPress Plugin Testimonial Rotator Cross-Site Scripting (3.0.3)

EspoCRM Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-7986)

WordPress Plugin FormCraft-Contact Form Builder SQL Injection (1.0.5)

Severity

High

Classification

CVE-2017-12189 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities