| Vulnerability Name: | CVE-2010-0737 (CCN-171004) |
| Assigned: | 2010-02-26 |
| Published: | 2011-09-02 |
| Updated: | 2019-11-05 |
| Summary: | The CLI in JBoss Operations Network before 2.3.1 does not properly check permissions, which allows JBoss ON users to perform management tasks and configuration changes with the privileges of the administrator user. |
| CVSS v3 Severity: | 8.0 High (CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H); 7.0 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C); 7.7 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C) |
| CVSS v2 Severity: | 5.2 Medium (CVSS v2 Vector: AV:A/AC:L/Au:S/C:P/I:P/A:P) |
| Vulnerability Type: | CWE-732 |
| Vulnerability Consequences: | Gain Privileges |
| References: | Source: MITRE Type: CNA CVE-2010-0737; Source: CCN Type: Red Hat Bugzilla - Bug 735274 (CVE-2010-0737) - CVE-2010-0737 JBoss ON CLI privilege escalation; Source: MISC Type: Issue Tracking, Patch, Third Party Advisory https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0737; Source: XF Type: UNKNOWN redhat-cve20100737-priv-esc(171004); Source: CCN Type: Red Hat Web site JBoss Operations Network |
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable |