Vulnerability Name: CVE-2017-12167 (CCN-148266)
Assigned: 2017-08-01
Published: 2018-02-12
Updated: 2019-10-09
Summary: It was found in EAP 7 before 7.0.9 that the properties-based files of the management and application realm configuration, which contain user-to-role mappings, are world readable, allowing all users logged in to the system to access user and role information.
CVSS v3 Severity:
  5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
  4.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
  4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)
CVSS v2 Severity:
  2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
Vulnerability Type: CWE-200
Vulnerability Consequences: Obtain Information
References:
  Source: MITRE Type: CNA CVE-2017-12167
  Source: BID Type: Third Party Advisory, VDB Entry 100903
  Source: CCN Type: BID-100903 JBoss Enterprise Application Platform CVE-2017-12167 Local Information Disclosure Vulnerability
  Source: CCN Type: Red Hat Web site RHSA-2017:3454 - Security Advisory
  Source: REDHAT Type: Vendor Advisory RHSA-2017:3454
  Source: CCN Type: Red Hat Web site RHSA-2017:3455 - Security Advisory
  Source: REDHAT Type: Vendor Advisory RHSA-2017:3455
  Source: CCN Type: Red Hat Web site RHSA-2017:3456 - Security Advisory
  Source: REDHAT Type: Vendor Advisory RHSA-2017:3456
  Source: CCN Type: Red Hat Web site RHSA-2017:3458 - Security Advisory
  Source: REDHAT Type: Vendor Advisory RHSA-2017:3458
  Source: CCN Type: Red Hat Web site RHSA-2018:0002 - Security Advisory
  Source: REDHAT Type: Vendor Advisory RHSA-2018:0002
  Source: CCN Type: Red Hat Web site RHSA-2018:0003 - Security Advisory
  Source: REDHAT Type: Vendor Advisory RHSA-2018:0003
  Source: CCN Type: Red Hat Web site RHSA-2018:0004 - Security Advisory
  Source: REDHAT Type: Vendor Advisory RHSA-2018:0004
  Source: CCN Type: Red Hat Web site RHSA-2018:0005 - Security Advisory
  Source: REDHAT Type: Vendor Advisory RHSA-2018:0005
  Source: CCN Type: Red Hat Bugzilla Bug 1491612 (CVE-2017-12167) CVE-2017-12167 EAP-7: Wrong privileges on multiple property files
  Source: CONFIRM Type: Issue Tracking, Vendor Advisory https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12167
  Source: XF Type: UNKNOWN redhat-cve201712167-info-disc(148266)