CyberSec.Space Logo
Back to CVE Browser

CVE-2016-5406

HIGH
8.8
CVSS Severity Score
EPSS Score0.1340%
EPSS Percentile31.52th
PublishedSep 26, 2016
Last ModifiedMay 6, 2026

Vulnerability Description

The domain controller in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2 allows remote authenticated users to gain privileges by leveraging failure to propagate administrative RBAC configuration to all slaves.

Affected Platforms (CPE)

πŸ“¦
Redhat

Jboss Enterprise Application Platform

<= 7.0.1

References & Advisories

πŸ”— http://rhn.redhat.com/errata/RHSA-2016-1838.html
πŸ”— http://rhn.redhat.com/errata/RHSA-2016-1839.html
πŸ”— http://rhn.redhat.com/errata/RHSA-2016-1840.html
πŸ”— http://rhn.redhat.com/errata/RHSA-2016-1841.html
πŸ”— https://access.redhat.com/errata/RHSA-2017:3454
πŸ”— https://access.redhat.com/errata/RHSA-2017:3455
πŸ”— https://access.redhat.com/errata/RHSA-2017:3456
πŸ”— https://access.redhat.com/errata/RHSA-2017:3458

Related Vulnerabilities

CVE-2015-75019.8

Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterp...

CVE-2017-121499.8

In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the doFilter method in ...

CVE-2014-54019.8

Hospira MedNet software version 5.8 and prior uses vulnerable versions of the JBoss Enterprise Application Platform software that ...

CVE-2010-18718.8

JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize i...