The User Manager service in Apache Jetspeed before 2.3.1 does not properly restrict access using Jetspeed Security, which allows remote attackers to (1) add, (2) edit, or (3) delete users via the REST API.
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2016-04-11T14:00:00
Updated: 2016-04-11T13:57:01
Reserved: 2016-01-29T00:00:00
Link: CVE-2016-2171
NVD Information
Status: Analyzed
Published: 2016-04-11T14:59:10.333
Modified: 2016-04-14T22:23:11.550
Link: CVE-2016-2171
Redhat Information
No data.