CVE-2017-12167 — MEDIUM (5.5)

Q: How severe is CVE-2017-12167?

CVE-2017-12167 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2017-12167?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Jboss Enterprise Application Platform, Redhat Enterprise Linux.

Vulnerability Description

It was found in EAP 7 before 7.0.9 that properties based files of the management and the application realm configuration that contain user to role mapping are world readable allowing access to users and roles information to all the users logged in to the system.

CVSS Score

5.5

MEDIUM

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Redhat	Jboss Enterprise Application Platform	< 7.0.9
Redhat	Enterprise Linux	6.0

Related Weaknesses (CWE)

CWE-732 CWE-200

References

http://www.securityfocus.com/bid/100903Third Party AdvisoryVDB Entry
https://access.redhat.com/errata/RHSA-2017:3454Vendor Advisory
https://access.redhat.com/errata/RHSA-2017:3455Vendor Advisory
https://access.redhat.com/errata/RHSA-2017:3456Vendor Advisory
https://access.redhat.com/errata/RHSA-2017:3458Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:0002Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:0003Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:0004Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:0005Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12167Issue TrackingVendor Advisory
http://www.securityfocus.com/bid/100903Third Party AdvisoryVDB Entry
https://access.redhat.com/errata/RHSA-2017:3454Vendor Advisory
https://access.redhat.com/errata/RHSA-2017:3455Vendor Advisory
https://access.redhat.com/errata/RHSA-2017:3456Vendor Advisory
https://access.redhat.com/errata/RHSA-2017:3458Vendor Advisory

FAQ

What is CVE-2017-12167?

CVE-2017-12167 is a vulnerability with a CVSS score of 5.5 (MEDIUM). It was found in EAP 7 before 7.0.9 that properties based files of the management and the application realm configuration that contain user to role mapping are world readable allowing access to users a...

How severe is CVE-2017-12167?

CVE-2017-12167 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-12167?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Jboss Enterprise Application Platform, Redhat Enterprise Linux.