CVE-2017-12167 Vulnerability Details

  /     /     /  

CVE-2017-12167 Metadata Quick Info

CVE Published: 26/07/2018 | CVE Updated: 05/08/2024 | CVE Year: 2017
Source: redhat | Vendor: Red Hat | Product: EAP-7
Status : PUBLISHED

---

CVE-2017-12167 Description

It was found in EAP 7 before 7.0.9 that properties based files of the management and the application realm configuration that contain user to role mapping are world readable allowing access to users and roles information to all the users logged in to the system.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-732
CWE Name: CWE-732
Source: Red Hat

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).