HIGH · 8.8

CVE-2016-5422


Vulnerability Description

The web console in Red Hat JBoss Operations Network (JON) before 3.3.7 does not properly authorize requests to add users with the super user role, which allows remote authenticated users to gain admin privileges via a crafted POST request.

CVSS Score

8.8

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH

Affected Products

Vendor | Product | Versions
Red Hat | JBoss Operations Network | <= 3.3.6

Related Weaknesses (CWE)

References

FAQ

What is CVE-2016-5422?

CVE-2016-5422 is a vulnerability with a CVSS score of 8.8 (HIGH). The web console in Red Hat JBoss Operations Network (JON) before 3.3.7 does not properly authorize requests to add users with the super user role, which allows remote authenticated users to gain admin privileges via a crafted POST request.

How severe is CVE-2016-5422?

CVE-2016-5422 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2016-5422?

Check the references section above for vendor advisories and patch information. Affected products include: Red Hat JBoss Operations Network, versions up to and including 3.3.6 (the issue is addressed in 3.3.7).