CVE-2016-5422

The web console in Red Hat JBoss Operations Network (JON) before 3.3.7 does not properly authorize requests to add users with the super user role, which allows remote authenticated users to gain admin privileges via a crafted POST request.

Published: Sep 7, 2016
Updated: Apr 13, 2023
CVE: CVE-2016-5422
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
redhat / jboss_operations_network	-	3.3.6.x

http://rhn.redhat.com/errata/RHSA-2016-1785.html
http://www.securityfocus.com/bid/92722

Vulnerability Database

289,599

CVE-2016-5422