Information Disclosure Vulnerability in JBoss Enterprise Application Platform by Red Hat
CVE-2016-7061

3.5LOW

Key Information:

Vendor
Red Hat
Status
Eap
Vendor
CVE Published:
10 September 2018

Summary

An information disclosure vulnerability exists in the JBoss Enterprise Application Platform prior to version 7.0.4. This issue arises when the Role-based Access Control (RBAC) is configured, allowing users assigned to the Monitor role to access sensitive information that should be restricted. The flaw can lead to unauthorized exposure of critical data, posing risks for organizations relying on the secure handling of sensitive information.

Affected Version(s)

EAP 7.0.4

References

http://rhn.redhat.com/errata/RHSA-2017-0250.html
vendor-advisoryx_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2017-0171.html
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3458
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
3.5
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.