Vulnerability Details : CVE-2016-5406
The domain controller in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2 allows remote authenticated users to gain privileges by leveraging failure to propagate administrative RBAC configuration to all slaves.
Products affected by CVE-2016-5406
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-5406
- EPSS score: 0.43% (probability of exploitation activity in the next 30 days)
- Percentile: ~71% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2016-5406
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P | 8.0 | 6.4 | NIST | |
8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 | NIST | |
CWE ids for CVE-2016-5406
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-5406
- http://rhn.redhat.com/errata/RHSA-2016-1839.html
  RHSA-2016:1839 - Security Advisory - Red Hat Customer Portal (Vendor Advisory)
- http://rhn.redhat.com/errata/RHSA-2016-1841.html
  Red Hat Customer Portal (Vendor Advisory)
- http://rhn.redhat.com/errata/RHSA-2016-1840.html
  RHSA-2016:1840 - Security Advisory - Red Hat Customer Portal (Vendor Advisory)
- https://access.redhat.com/errata/RHSA-2017:3458
  RHSA-2017:3458 - Security Advisory - Red Hat Customer Portal
- http://rhn.redhat.com/errata/RHSA-2016-1838.html
  RHSA-2016:1838 - Security Advisory - Red Hat Customer Portal (Vendor Advisory)
- https://access.redhat.com/errata/RHSA-2017:3456
  RHSA-2017:3456 - Security Advisory - Red Hat Customer Portal
- https://access.redhat.com/errata/RHSA-2017:3455
  RHSA-2017:3455 - Security Advisory - Red Hat Customer Portal
- https://access.redhat.com/errata/RHSA-2017:3454
  RHSA-2017:3454 - Security Advisory - Red Hat Customer Portal
- https://bugzilla.redhat.com/show_bug.cgi?id=1359014
  1359014 – (CVE-2016-5406) CVE-2016-5406 EAP7 Privilege escalation when managing domain including earlier version slaves (Issue Tracking; VDB Entry; Vendor Advisory)