Privilege Escalation

2019-05-0205:49:16

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.004 Low

EPSS

Percentile

74.7%

JSON

Red Hat JBoss Enterprise Application Platform is vulnerable to privilege escalation vulnerability. The domain controller in EAP will not propagate its administrative RBAC configuration to some slaves. An unauthenticated attacker could gain gain elevated privileges by leveraging failure to propagate administrative RBAC configuration to all slaves.

CPENameOperatorVersion
eap7-xalan-j2eq2.7.1__24.redhat_10.1.ep7.el7
eap7-xalan-j2eq2.7.1__24.redhat_10.1.ep7.el6
eap7-jbereteq1.2.0__3.Final_redhat_1.1.ep7.el6
eap7-jbereteq1.2.1__1.Final_redhat_1.1.ep7.el7
eap7-jbereteq1.2.1__1.Final_redhat_1.1.ep7.el6
eap7-jbereteq1.2.0__3.Final_redhat_1.1.ep7.el7
eap7-picketlink-bindingseq2.5.5__1.SP1_redhat_2.2.ep7.el6
eap7-picketlink-bindingseq2.5.5__2.SP2_redhat_1.1.ep7.el6
eap7-picketlink-bindingseq2.5.5__2.SP2_redhat_1.1.ep7.el7
eap7-picketlink-bindingseq2.5.5__1.SP1_redhat_2.2.ep7.el7

Name	Operator	Version
eap7-xalan-j2	eq	2.7.1__24.redhat_10.1.ep7.el7
eap7-xalan-j2	eq	2.7.1__24.redhat_10.1.ep7.el6
eap7-jberet	eq	1.2.0__3.Final_redhat_1.1.ep7.el6
eap7-jberet	eq	1.2.1__1.Final_redhat_1.1.ep7.el7
eap7-jberet	eq	1.2.1__1.Final_redhat_1.1.ep7.el6
eap7-jberet	eq	1.2.0__3.Final_redhat_1.1.ep7.el7
eap7-picketlink-bindings	eq	2.5.5__1.SP1_redhat_2.2.ep7.el6
eap7-picketlink-bindings	eq	2.5.5__2.SP2_redhat_1.1.ep7.el6
eap7-picketlink-bindings	eq	2.5.5__2.SP2_redhat_1.1.ep7.el7
eap7-picketlink-bindings	eq	2.5.5__1.SP1_redhat_2.2.ep7.el7