CVE-2016-7043 Vulnerability Details

  /     /     /  

CVE-2016-7043 Metadata Quick Info

CVE Published: 15/05/2019 | CVE Updated: 06/08/2024 | CVE Year: 2016
Source: redhat | Vendor: KIE | Product: kie-server
Status : PUBLISHED

---

CVE-2016-7043 Description

It has been reported that KIE server and Busitess Central before version 7.21.0.Final contain username and password as plaintext Java properties. Any app deployed on the same server would have access to these properties, thus granting access to ther services.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-260
CWE Name: CWE-260
Source: KIE

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).