vulnerability
Red Hat JBoss EAP: CVE-2017-12167: Incorrect Permission Assignment for Critical Resource
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:L/AC:L/Au:S/C:C/I:N/A:N) | Sep 14, 2017 | Sep 19, 2024 | Jul 2, 2025 |
Severity
5
CVSS
(AV:L/AC:L/Au:S/C:C/I:N/A:N)
Published
Sep 14, 2017
Added
Sep 19, 2024
Modified
Jul 2, 2025
Description
It was found in EAP 7 before 7.0.9 that properties based files of the management and the application realm configuration that contain user to role mapping are world readable allowing access to users and roles information to all the users logged in to the system.. It was found that properties based files of the management and the application realm configuration that contain user to role mapping are world readable allowing access to users and roles information to all the users logged in to the system.
Solution
red-hat-jboss-eap-upgrade-latest
References
- CWE-732
- CWE-200
- CVE-2017-12167
- https://attackerkb.com/topics/CVE-2017-12167
- URL-https://access.redhat.com/security/cve/CVE-2017-12167
- URL-https://bugzilla.redhat.com/show_bug.cgi?id=1491612
- URL-https://access.redhat.com/errata/RHSA-2017:3454
- URL-https://access.redhat.com/errata/RHSA-2017:3455
- URL-https://access.redhat.com/errata/RHSA-2017:3456
- URL-https://access.redhat.com/errata/RHSA-2017:3458
- URL-https://access.redhat.com/errata/RHSA-2018:0002
- URL-https://access.redhat.com/errata/RHSA-2018:0003
- URL-https://access.redhat.com/errata/RHSA-2018:0004
- URL-https://access.redhat.com/errata/RHSA-2018:0005
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.