CVE-2016-7061

low-risk

Published 2018-09-10

An information disclosure vulnerability was found in JBoss Enterprise Application Platform before 7.0.4. It was discovered that when configuring RBAC and marking information as sensitive, users with a Monitor role are able to view the sensitive information.

Do I need to act?

0.56% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 3.5/10 Low

NETWORK / LOW complexity

Affected Products (1)

Jboss Enterprise Application Platform

Affected Vendors

Redhat

References (30)

Vendor Advisory http://rhn.redhat.com/errata/RHSA-2017-0170.html

Vendor Advisory http://rhn.redhat.com/errata/RHSA-2017-0171.html

Vendor Advisory http://rhn.redhat.com/errata/RHSA-2017-0172.html

Vendor Advisory http://rhn.redhat.com/errata/RHSA-2017-0173.html

Vendor Advisory http://rhn.redhat.com/errata/RHSA-2017-0244.html

Vendor Advisory http://rhn.redhat.com/errata/RHSA-2017-0245.html

Vendor Advisory http://rhn.redhat.com/errata/RHSA-2017-0246.html

Vendor Advisory http://rhn.redhat.com/errata/RHSA-2017-0247.html

Vendor Advisory http://rhn.redhat.com/errata/RHSA-2017-0250.html

Third Party Advisory http://www.securityfocus.com/bid/94222

Vendor Advisory https://access.redhat.com/errata/RHSA-2017:3454

Vendor Advisory https://access.redhat.com/errata/RHSA-2017:3455

Vendor Advisory https://access.redhat.com/errata/RHSA-2017:3456

Vendor Advisory https://access.redhat.com/errata/RHSA-2017:3458

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7061

Vendor Advisory http://rhn.redhat.com/errata/RHSA-2017-0170.html

Vendor Advisory http://rhn.redhat.com/errata/RHSA-2017-0171.html

Vendor Advisory http://rhn.redhat.com/errata/RHSA-2017-0172.html

Vendor Advisory http://rhn.redhat.com/errata/RHSA-2017-0173.html

Vendor Advisory http://rhn.redhat.com/errata/RHSA-2017-0244.html

and 10 more references

/ 100

low-risk

Severity 16/34 · Moderate

Exploitability 2/34 · Minimal

Exposure 5/34 · Minimal