CVE-2017-12167

5.5MEDIUM

Key Information:

Vendor: Red Hat
Status: Eap-7
Vendor: CVE Published:; 26 July 2018

Summary

It was found in EAP 7 before 7.0.9 that properties based files of the management and the application realm configuration that contain user to role mapping are world readable allowing access to users and roles information to all the users logged in to the system.

Affected Version(s)

EAP-7 7.0.9

References

https://access.redhat.com/errata/RHSA-2018:0002

vendor-advisoryx_refsource_REDHAT

https://access.redhat.com/errata/RHSA-2017:3458

vendor-advisoryx_refsource_REDHAT

https://access.redhat.com/errata/RHSA-2018:0004

vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 26, 2018
Vulnerability Reserved
Aug 1, 2017

Collectors

NVD DatabaseMitre Database

.