gsd - gsd-2016-5406

gsd-2016-5406

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

The domain controller in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2 allows remote authenticated users to gain privileges by leveraging failure to propagate administrative RBAC configuration to all slaves.

Aliases

CVE-2016-5406

Aliases

CVE-2016-5406

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-5406",
    "description": "The domain controller in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2 allows remote authenticated users to gain privileges by leveraging failure to propagate administrative RBAC configuration to all slaves.",
    "id": "GSD-2016-5406",
    "references": [
      "https://access.redhat.com/errata/RHSA-2017:3458",
      "https://access.redhat.com/errata/RHSA-2017:3456",
      "https://access.redhat.com/errata/RHSA-2017:3455",
      "https://access.redhat.com/errata/RHSA-2017:3454",
      "https://access.redhat.com/errata/RHSA-2016:1841",
      "https://access.redhat.com/errata/RHSA-2016:1840",
      "https://access.redhat.com/errata/RHSA-2016:1839",
      "https://access.redhat.com/errata/RHSA-2016:1838"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-5406"
      ],
      "details": "The domain controller in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2 allows remote authenticated users to gain privileges by leveraging failure to propagate administrative RBAC configuration to all slaves.",
      "id": "GSD-2016-5406",
      "modified": "2023-12-13T01:21:25.739288Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2016-5406",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The domain controller in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2 allows remote authenticated users to gain privileges by leveraging failure to propagate administrative RBAC configuration to all slaves."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://rhn.redhat.com/errata/RHSA-2016-1838.html",
            "refsource": "MISC",
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1838.html"
          },
          {
            "name": "http://rhn.redhat.com/errata/RHSA-2016-1839.html",
            "refsource": "MISC",
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1839.html"
          },
          {
            "name": "http://rhn.redhat.com/errata/RHSA-2016-1840.html",
            "refsource": "MISC",
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1840.html"
          },
          {
            "name": "http://rhn.redhat.com/errata/RHSA-2016-1841.html",
            "refsource": "MISC",
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1841.html"
          },
          {
            "name": "https://access.redhat.com/errata/RHSA-2017:3454",
            "refsource": "MISC",
            "url": "https://access.redhat.com/errata/RHSA-2017:3454"
          },
          {
            "name": "https://access.redhat.com/errata/RHSA-2017:3455",
            "refsource": "MISC",
            "url": "https://access.redhat.com/errata/RHSA-2017:3455"
          },
          {
            "name": "https://access.redhat.com/errata/RHSA-2017:3456",
            "refsource": "MISC",
            "url": "https://access.redhat.com/errata/RHSA-2017:3456"
          },
          {
            "name": "https://access.redhat.com/errata/RHSA-2017:3458",
            "refsource": "MISC",
            "url": "https://access.redhat.com/errata/RHSA-2017:3458"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1359014",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1359014"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "7.0.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2016-5406"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The domain controller in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2 allows remote authenticated users to gain privileges by leveraging failure to propagate administrative RBAC configuration to all slaves."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1359014",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "VDB Entry",
                "Vendor Advisory"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1359014"
            },
            {
              "name": "RHSA-2016:1838",
              "refsource": "REDHAT",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1838.html"
            },
            {
              "name": "RHSA-2016:1840",
              "refsource": "REDHAT",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1840.html"
            },
            {
              "name": "RHSA-2016:1841",
              "refsource": "REDHAT",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1841.html"
            },
            {
              "name": "RHSA-2016:1839",
              "refsource": "REDHAT",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1839.html"
            },
            {
              "name": "RHSA-2017:3458",
              "refsource": "REDHAT",
              "tags": [],
              "url": "https://access.redhat.com/errata/RHSA-2017:3458"
            },
            {
              "name": "RHSA-2017:3456",
              "refsource": "REDHAT",
              "tags": [],
              "url": "https://access.redhat.com/errata/RHSA-2017:3456"
            },
            {
              "name": "RHSA-2017:3455",
              "refsource": "REDHAT",
              "tags": [],
              "url": "https://access.redhat.com/errata/RHSA-2017:3455"
            },
            {
              "name": "RHSA-2017:3454",
              "refsource": "REDHAT",
              "tags": [],
              "url": "https://access.redhat.com/errata/RHSA-2017:3454"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2017-12-15T02:29Z",
      "publishedDate": "2016-09-26T14:59Z"
    }
  }
}

cve-2016-5406

Vulnerability from cvelistv5

Published

2016-09-26 14:00

Modified

2024-08-06 01:00

Severity

Summary

References

URL	Tags
http://rhn.redhat.com/errata/RHSA-2016-1841.html	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3458	vendor-advisory, x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=1359014	x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2016-1838.html	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3455	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3456	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3454	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2016-1839.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2016-1840.html	vendor-advisory, x_refsource_REDHAT

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website