Improper Default Permissions in JBoss Enterprise Application Platform by Red Hat
CVE-2016-7066

7.8 HIGH

Key Information:

Vendor: Red Hat
CVE Published: 11 September 2018

Summary

JBoss Enterprise Application Platform versions prior to 7.1.0 set improper default permissions on the /tmp/auth directory. This could allow any local user to access the Command Line Interface (CLI), which may lead to the execution of arbitrary commands and operations on the system. Because the open permissions expose the directory to unauthorized access, users should update their installations to mitigate this risk.

Affected Version(s)

JBoss Enterprise Application Platform 7.1.0

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
