Improper Default Permissions in JBoss Enterprise Application Platform by Red Hat
CVE-2016-7066
7.8 HIGH
Key Information:
- Vendor: Red Hat
- CVE Published: 11 September 2018
Summary
JBoss Enterprise Application Platform versions prior to 7.1.0 are susceptible to a security issue caused by improper default permissions on the /tmp/auth directory. Any local user can use this to access the Command Line Interface (CLI), which may lead to the execution of arbitrary commands and operations on the system. Because the open permissions expose the directory to unauthorized access, users should update their installations to mitigate this risk.
Affected Version(s)
JBoss Enterprise Application Platform 7.1.0
CVSS V3.1
Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved