VDB
CVE-2017-12167
CVE-2017-12167
PUBLISHED
CVSS 5.5 MEDIUM
Reported by redhat · Published July 26, 2018
It was found in EAP 7 before 7.0.9 that properties based files of the management and the application realm configuration that contain user to role mapping are world readable allowing access to users and roles information to all the users logged in to the system.
Risk Scores
CVSS v3.0
5.5
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | EAP-7 | 7.0.9 |
| Red Hat | EAP-7 | 7.0.9, 7.0.9 |
Timeline
- Jul 26, 2018 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- May 13, 2022 CVE Updated
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
References
- RHSA-2018:0002 vendor-advisoryx_refsource_REDHAT
- RHSA-2017:3458 vendor-advisoryx_refsource_REDHAT
- RHSA-2018:0004 vendor-advisoryx_refsource_REDHAT
- 100903 vdb-entryx_refsource_BID
- RHSA-2017:3455 vendor-advisoryx_refsource_REDHAT
- RHSA-2017:3456 vendor-advisoryx_refsource_REDHAT
- RHSA-2018:0003 vendor-advisoryx_refsource_REDHAT
- RHSA-2018:0005 vendor-advisoryx_refsource_REDHAT
- x_refsource_CONFIRM
- RHSA-2017:3454 vendor-advisoryx_refsource_REDHAT