Vulnerability Details : CVE-2016-7066
It was found that improper default permissions on the /tmp/auth directory in JBoss Enterprise Application Platform before 7.1.0 can allow any local user to connect to the CLI and execute arbitrary operations.
Products affected by CVE-2016-7066
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:*:*:*:*:*:*:*:*
Threat overview for CVE-2016-7066
- Top open port discovered on systems with this issue: 443
- IPs affected by CVE-2016-7066: 555
- Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2016-7066
- EPSS score: 0.04% (probability of exploitation activity in the next 30 days)
- Percentile: ~6% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2016-7066
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.6 | MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P | 3.9 | 6.4 | NIST | |
6.1 | MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:C | 3.9 | 8.5 | Red Hat, Inc. | |
7.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST | |
CWE ids for CVE-2016-7066
- A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor. Assigned by: secalert@redhat.com (Secondary)
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-7066
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7066
  1401661 – (CVE-2016-7066) CVE-2016-7066 admin-cli: Any local users can connect to jboss-cli (Issue Tracking; Vendor Advisory)
- https://access.redhat.com/errata/RHSA-2017:3456
  RHSA-2017:3456 - Security Advisory - Red Hat Customer Portal (Vendor Advisory)