CVE-2016-5422

Name of the Vulnerable Software and Affected Versions Red Hat JBoss Operations Network (JON) versions prior to 3.3.7

Description The issue concerns the web console in Red Hat JBoss Operations Network (JON) that does not properly authorize requests to add users with the super user role. This allows remote authenticated users to gain admin privileges via a crafted POST request to an unspecified API endpoint.

Recommendations For versions prior to 3.3.7, update to version 3.3.7 or later to resolve the issue.