CVE-2016-7061

medium

Description

An information disclosure vulnerability was found in JBoss Enterprise Application Platform before 7.0.4. It was discovered that when configuring RBAC and marking information as sensitive, users with a Monitor role are able to view the sensitive information.

References

http://rhn.redhat.com/errata/RHSA-2017-0170.html

http://rhn.redhat.com/errata/RHSA-2017-0171.html

http://rhn.redhat.com/errata/RHSA-2017-0172.html

http://rhn.redhat.com/errata/RHSA-2017-0173.html

http://rhn.redhat.com/errata/RHSA-2017-0244.html

http://rhn.redhat.com/errata/RHSA-2017-0245.html

http://rhn.redhat.com/errata/RHSA-2017-0246.html

http://rhn.redhat.com/errata/RHSA-2017-0247.html

http://rhn.redhat.com/errata/RHSA-2017-0250.html

http://www.securityfocus.com/bid/94222

https://access.redhat.com/errata/RHSA-2017:3454

https://access.redhat.com/errata/RHSA-2017:3455

https://access.redhat.com/errata/RHSA-2017:3456

https://access.redhat.com/errata/RHSA-2017:3458

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7061

Details

Source: MITRE

Published: 2018-09-10

Updated: 2019-10-09

Type: CWE-200

Risk Information

CVSS v2

Base Score: 4

Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 8

Severity: MEDIUM

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 2.8

Severity: MEDIUM

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 112252 | RHEL 7 : JBoss EAP (RHSA-2017:0245) | Nessus | Red Hat Local Security Checks | high |
| 112174 | RHEL 6 / 7 : eap7-jboss-ec2-eap (RHSA-2017:0173) | Nessus | Red Hat Local Security Checks | medium |
| 105269 | RHEL 7 : JBoss EAP (RHSA-2017:3455) | Nessus | Red Hat Local Security Checks | critical |
| 105268 | RHEL 6 : JBoss EAP (RHSA-2017:3454) | Nessus | Red Hat Local Security Checks | critical |
| 105252 | RHEL 6 / 7 : eap7-jboss-ec2-eap (RHSA-2017:3458) | Nessus | Red Hat Local Security Checks | critical |
| 97010 | RHEL 5 : JBoss EAP (RHSA-2017:0246) | Nessus | Red Hat Local Security Checks | high |
| 97009 | RHEL 6 : JBoss EAP (RHSA-2017:0244) | Nessus | Red Hat Local Security Checks | high |
| 96973 | RHEL 6 : jboss-ec2-eap (RHSA-2017:0250) | Nessus | Red Hat Local Security Checks | high |
| 96972 | RHEL 7 : JBoss EAP (RHSA-2017:0171) | Nessus | Red Hat Local Security Checks | medium |
| 96971 | RHEL 6 : JBoss EAP (RHSA-2017:0170) | Nessus | Red Hat Local Security Checks | medium |