Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-5406)

Description

The domain controller in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2 allows remote authenticated users to gain privileges by leveraging failure to propagate administrative RBAC configuration to all slaves.

Remediation

References

CVE-2016-5406

Related Vulnerabilities

Sqlite NULL Pointer Dereference Vulnerability (CVE-2017-15286)

OpenVPN AS Other Vulnerability (CVE-2005-3393)

MySQL CVE-2020-14791 Vulnerability (CVE-2020-14791)

WordPress Plugin Job Board by BestWebSoft Cross-Site Scripting (1.1.3)

Oracle HTTP Server Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2019-0197)

Severity

High

Classification

CVE-2016-5406 CWE-264 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H