The web console in Red Hat JBoss Operations Network (JON) before 3.3.7 does not properly authorize requests to add users with the super user role, which allows remote authenticated users to gain admin privileges via a crafted POST request.
References
| Link | Resource |
|---|---|
| http://rhn.redhat.com/errata/RHSA-2016-1785.html | Patch, Vendor Advisory |
| http://www.securityfocus.com/bid/92722 | Third Party Advisory, VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2016-09-07T19:00:00
Updated: 2016-09-07T18:57:02
Reserved: 2016-06-10T00:00:00
Link: CVE-2016-5422
NVD Information
Status: Analyzed
Published: 2016-09-07T19:28:03.737
Modified: 2016-09-08T17:08:29.120
Link: CVE-2016-5422
Redhat Information
No data.
CWE