Information Disclosure Vulnerability in JBoss Enterprise Application Platform by Red Hat
CVE-2016-7061
3.5LOW
Summary
An information disclosure vulnerability exists in the JBoss Enterprise Application Platform prior to version 7.0.4. This issue arises when the Role-based Access Control (RBAC) is configured, allowing users assigned to the Monitor role to access sensitive information that should be restricted. The flaw can lead to unauthorized exposure of critical data, posing risks for organizations relying on the secure handling of sensitive information.
Affected Version(s)
EAP 7.0.4
References
CVSS V3.1
Score:
3.5
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved