CVE-2016-5422
First published: Wed Sep 07 2016(Updated: )
The web console in Red Hat JBoss Operations Network (JON) before 3.3.7 does not properly authorize requests to add users with the super user role, which allows remote authenticated users to gain admin privileges via a crafted POST request.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat JBoss Operations Network | <=3.3.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-5422?
CVE-2016-5422 is rated as a critical vulnerability due to the potential for unauthorized admin access.
How do I fix CVE-2016-5422?
To fix CVE-2016-5422, upgrade Red Hat JBoss Operations Network to version 3.3.7 or later.
Who is affected by CVE-2016-5422?
CVE-2016-5422 affects users of Red Hat JBoss Operations Network versions prior to 3.3.7.
What can an attacker do with CVE-2016-5422?
An attacker can exploit CVE-2016-5422 to gain unauthorized super user privileges on the system.
Is CVE-2016-5422 exploited remotely?
Yes, CVE-2016-5422 can be exploited remotely by authenticated users through a crafted POST request.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/remedy
- agent/author
- agent/severity
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/redhat
- canonical/red hat jboss operations network
- version/red hat jboss operations network/3.3.6