CVE-2016-5422

The web console in Red Hat JBoss Operations Network (JON) before 3.3.7 does not properly authorize requests to add users with the super user role, which allows remote authenticated users to gain admin privileges via a crafted POST request.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 70%
VendorProductVersion
redhatjboss_operations_network
𝑥
≤ 3.3.6
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://rhn.redhat.com/errata/RHSA-2016-1785.html
http://www.securityfocus.com/bid/92722
http://rhn.redhat.com/errata/RHSA-2016-1785.html
http://www.securityfocus.com/bid/92722