Description

The domain controller in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2 allows remote authenticated users to gain privileges by leveraging failure to propagate administrative RBAC configuration to all slaves.

Remediation

References

CVE-2016-5406

Related Vulnerabilities

IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-1761)

WordPress Plugin Abandoned Cart Recovery for WooCommerce Cross-Site Request Forgery (1.0.4)

Magento Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-7932)

WebLogic CVE-2020-2552 Vulnerability (CVE-2020-2552)

IBM Lotus Domino web server Cross-Site Scripting vulnerabilities

Severity

High

Classification

CVE-2016-5406 CWE-264 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities