CVE-2016-0710

Name of the Vulnerable Software and Affected Versions Apache Jetspeed versions prior to 2.3.1

Description The issue concerns SQL injection vulnerabilities in the User Manager service. These vulnerabilities allow remote attackers to execute arbitrary SQL commands. The vulnerabilities can be exploited via the role or user parameter to the "services/usermanager/users/" API endpoint.

Recommendations For versions prior to 2.3.1, update to version 2.3.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the "services/usermanager/users/" API endpoint to minimize the risk of exploitation. Avoid using the role and user parameters in this endpoint until the issue is resolved.