vulnerability

Red Hat JBoss EAP: CVE-2016-6345: Exposure of Sensitive Information to an Unauthorized Actor

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
2	(AV:N/AC:H/Au:S/C:P/I:N/A:N)	Sep 1, 2016	Sep 19, 2024	Nov 26, 2025

Severity

CVSS

(AV:N/AC:H/Au:S/C:P/I:N/A:N)

Published

Sep 1, 2016

Added

Sep 19, 2024

Modified

Nov 26, 2025

Description

RESTEasy allows remote authenticated users to obtain sensitive information by leveraging "insufficient use of random values" in async jobs.. It was found that there was insufficient use of randam values in RESTEasy async jobs. An attacker could use this flaw to steal user data.

Solution

red-hat-jboss-eap-upgrade-latest

References

CWE-200
CVE-2016-6345
https://attackerkb.com/topics/CVE-2016-6345
URL-https://access.redhat.com/security/cve/CVE-2016-6345
URL-https://bugzilla.redhat.com/show_bug.cgi?id=1372117

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today