CVE Vulnerabilities

CVE-2016-7066

Incorrect Privilege Assignment

Published: Sep 11, 2018 | Modified: Nov 21, 2024
Scoring | Score | Severity | Vector
CVSS 3.x (Source: NVD) | 7.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x | 4.6 | MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2 | 6.1 | IMPORTANT | AV:L/AC:L/Au:N/C:P/I:P/A:C
RedHat/V3 | | |
Ubuntu | | |

Improper default permissions on the /tmp/auth directory in JBoss Enterprise Application Platform before 7.1.0 allow any local user to connect to the CLI and execute arbitrary operations.

Weakness

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

Affected Software

Name | Vendor | Start Version | End Version
Jboss_enterprise_application_platform | Redhat | * | 7.1.0 (excluding)
Red Hat JBoss EAP 7 | RedHat | * |
