Improper Default Permissions in JBoss Enterprise Application Platform by Red Hat
CVE-2016-7066

7.8HIGH

Key Information:

Vendor: Red Hat
Status: Jboss Enterprise Application Platform
Vendor: CVE Published:; 11 September 2018

What is CVE-2016-7066?

The JBoss Enterprise Application Platform versions prior to 7.1.0 are susceptible to a security issue due to improper default permissions set on the /tmp/auth directory. This vulnerability could allow any local user to access the Command Line Interface (CLI), which may lead to the execution of arbitrary commands and operations on the system. The open permissions on the directory expose it to unauthorized access, making it essential for users to update their installations to mitigate this risk.

Affected Version(s)

JBoss Enterprise Application Platform 7.1.0

References

https://access.redhat.com/errata/RHSA-2017:3456

vendor-advisoryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7066

x_refsource_CONFIRM

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 11, 2018
Vulnerability Reserved
Aug 23, 2016