CVE-2017-12189

It was discovered that the jboss init script as used in Red Hat JBoss Enterprise Application Platform 7.0.7.GA performed unsafe file handling which could result in local privilege escalation. This issue is a result of an incomplete fix for CVE-2016-8656.

Published: Jan 10, 2018
Updated: Apr 13, 2023
CVE: CVE-2017-12189
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Low
Score: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
redhat / jboss_enterprise_application_platform	7.0	7.0.x
redhat / enterprise_linux	7.0	7.0.x
redhat / enterprise_linux	6.0	6.0.x

http://www.securityfocus.com/bid/102407
https://access.redhat.com/errata/RHSA-2018:0002
https://access.redhat.com/errata/RHSA-2018:0003
https://access.redhat.com/errata/RHSA-2018:0004
https://access.redhat.com/errata/RHSA-2018:0005
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12189

Vulnerability Database

289,697

CVE-2017-12189