PT-2016-6419 · Red Hat · Red Hat Jboss Operations Network

Jeremy Choi

Published

2016-09-07

Updated

2016-09-08

CVE-2016-5422

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Red Hat JBoss Operations Network (JON) versions prior to 3.3.7

Description The issue concerns the web console in Red Hat JBoss Operations Network (JON) that does not properly authorize requests to add users with the super user role. This allows remote authenticated users to gain admin privileges via a crafted POST request to an unspecified API endpoint.

Recommendations For versions prior to 3.3.7, update to version 3.3.7 or later to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2016-5422

Affected Products

Red Hat Jboss Operations Network

PT-2016-6419 · Red Hat · Red Hat Jboss Operations Network

CVE-2016-5422

Weakness Enumeration

Related Identifiers

Affected Products

References · 4