CVE-2017-12189
HIGH severity · CVSS 7.8 · CWE-282
7.8CVSS HIGH
Summary
It was discovered that the jboss init script as used in Red Hat JBoss Enterprise Application Platform 7.0.7.GA performed unsafe file handling which could result in local privilege escalation. This issue is a result of an incomplete fix for CVE-2016-8656.
Impact & exploitability
Attack vectorLocal
Attack complexityLow
Privileges requiredLow
User interactionNone
Confidentiality impactHigh
Integrity impactHigh
Availability impactHigh
Exploit probability (EPSS)0%
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products we track (1)
Recommendation
Apply the vendor fix promptly. Open any affected product above for its exact safe version.
Official patch: https://access.redhat.com/errata/RHSA-2018:0002 ↗
Additional information
- NVD record
- https://access.redhat.com/errata/RHSA-2018:0002Patch
- https://access.redhat.com/errata/RHSA-2018:0003Patch
- https://access.redhat.com/errata/RHSA-2018:0004Patch
- https://access.redhat.com/errata/RHSA-2018:0005Patch
- http://www.securityfocus.com/bid/102407Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12189Advisory