Main Vulnerability Database SB2018091116

SB2018091116 - Input validation error in JBoss Enterprise Application Platform

Published: September 11, 2018 Updated: August 8, 2020

Security Bulletin ID SB2018091116

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2016-7066)

The vulnerability allows a local authenticated user to execute arbitrary code.

It was found that the improper default permissions on /tmp/auth directory in JBoss Enterprise Application Platform before 7.1.0 can allow any local user to connect to CLI and allow the user to execute any arbitrary operations.

Remediation

Install update from vendor's website.

References

https://access.redhat.com/errata/RHSA-2017:3456
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7066