CVE-2017-12167

It was found in EAP 7 before 7.0.9 that properties based files of the management and the application realm configuration that contain user to role mapping are world readable allowing access to users and roles information to all the users logged in to the system.

Published: Jul 26, 2018
Updated: Apr 13, 2023
CVE: CVE-2017-12167
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.5
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Low
Score: 2.1
AV:L/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
redhat / jboss_enterprise_application_platform	-	7.0.9
redhat / jboss_enterprise_application_platform	7.1.0	7.1.0.x
redhat / jboss_enterprise_application_platform	7.0.0	7.0.0.x

http://www.securityfocus.com/bid/100903
https://access.redhat.com/errata/RHSA-2017:3454
https://access.redhat.com/errata/RHSA-2017:3455
https://access.redhat.com/errata/RHSA-2017:3456
https://access.redhat.com/errata/RHSA-2017:3458
https://access.redhat.com/errata/RHSA-2018:0002
https://access.redhat.com/errata/RHSA-2018:0003
https://access.redhat.com/errata/RHSA-2018:0004
https://access.redhat.com/errata/RHSA-2018:0005
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12167

Vulnerability Database

289,599

CVE-2017-12167