製品・ソフトウェアに関する情報

JVN脆弱性詳細

JBoss Enterprise Application Platform における情報漏えいに関する脆弱性

Title	JBoss Enterprise Application Platform における情報漏えいに関する脆弱性
Summary	JBoss Enterprise Application Platform には、情報漏えいに関する脆弱性が存在します。
Possible impacts	情報を取得される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Sept. 30, 2016, midnight
Registration Date	Dec. 17, 2018, 2:01 p.m.
Last Update	Dec. 17, 2018, 2:01 p.m.

CVSS3.0 : 警告
Score	6.5
Vector	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS2.0 : 警告
Score	4
Vector	AV:N/AC:L/Au:S/C:P/I:N/A:N

Affected System

レッドハット

JBoss Enterprise Application Platform 7.0.4 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2016-7061	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7061
National Vulnerability Database (NVD)
2	CVE-2016-7061	https://nvd.nist.gov/vuln/detail/CVE-2016-7061

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-200	https://jvndb.jvn.jp/ja/cwe/CWE-200.html

ベンダー情報

No	Name	URL
Red Hat Bugzilla
1	Bug 1380852	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7061
Red Hat Security Advisory
2	RHSA-2017:0170	https://access.redhat.com/errata/RHSA-2017:0170
3	RHSA-2017:0171	https://access.redhat.com/errata/RHSA-2017:0171
4	RHSA-2017:0172	https://access.redhat.com/errata/RHSA-2017:0172
5	RHSA-2017:0173	https://access.redhat.com/errata/RHSA-2017:0173
6	RHSA-2017:0244	https://access.redhat.com/errata/RHSA-2017:0244
7	RHSA-2017:0245	https://access.redhat.com/errata/RHSA-2017:0245
8	RHSA-2017:0246	https://access.redhat.com/errata/RHSA-2017:0246
9	RHSA-2017:0247	https://access.redhat.com/errata/RHSA-2017:0247
10	RHSA-2017:0250	http://rhn.redhat.com/errata/RHSA-2017-0250.html
11	RHSA-2017:3454	https://access.redhat.com/errata/RHSA-2017:3454
12	RHSA-2017:3455	https://access.redhat.com/errata/RHSA-2017:3455
13	RHSA-2017:3456	https://access.redhat.com/errata/RHSA-2017:3456
14	RHSA-2017:3458	https://access.redhat.com/errata/RHSA-2017:3458

Change Log

No	Changed Details	Date of change
1	[2018年12月17日] 掲載	Dec. 17, 2018, 2:01 p.m.

NVD Vulnerability Information

CVE-2016-7061

Summary	An information disclosure vulnerability was found in JBoss Enterprise Application Platform before 7.0.4. It was discovered that when configuring RBAC and marking information as sensitive, users with a Monitor role are able to view the sensitive information.
Publication Date	Sept. 11, 2018, 1:29 a.m.
Registration Date	Jan. 26, 2021, 2:16 p.m.
Last Update	Nov. 21, 2024, 11:57 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:redhat:jboss_enterprise_application_platform::::::::					7.0.4
execution environment
1	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
2	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*

Related information, measures and tools

No	URL	タグ
1	http://rhn.redhat.com/errata/RHSA-2017-0170.html	Vendor Advisory
2	http://rhn.redhat.com/errata/RHSA-2017-0170.html	Vendor Advisory
3	http://rhn.redhat.com/errata/RHSA-2017-0171.html	Vendor Advisory
4	http://rhn.redhat.com/errata/RHSA-2017-0171.html	Vendor Advisory
5	http://rhn.redhat.com/errata/RHSA-2017-0172.html	Vendor Advisory
6	http://rhn.redhat.com/errata/RHSA-2017-0172.html	Vendor Advisory
7	http://rhn.redhat.com/errata/RHSA-2017-0173.html	Vendor Advisory
8	http://rhn.redhat.com/errata/RHSA-2017-0173.html	Vendor Advisory
9	http://rhn.redhat.com/errata/RHSA-2017-0244.html	Vendor Advisory
10	http://rhn.redhat.com/errata/RHSA-2017-0244.html	Vendor Advisory
11	http://rhn.redhat.com/errata/RHSA-2017-0245.html	Vendor Advisory
12	http://rhn.redhat.com/errata/RHSA-2017-0245.html	Vendor Advisory
13	http://rhn.redhat.com/errata/RHSA-2017-0246.html	Vendor Advisory
14	http://rhn.redhat.com/errata/RHSA-2017-0246.html	Vendor Advisory
15	http://rhn.redhat.com/errata/RHSA-2017-0247.html	Vendor Advisory
16	http://rhn.redhat.com/errata/RHSA-2017-0247.html	Vendor Advisory
17	http://rhn.redhat.com/errata/RHSA-2017-0250.html	Vendor Advisory
18	http://rhn.redhat.com/errata/RHSA-2017-0250.html	Vendor Advisory
19	http://www.securityfocus.com/bid/94222	Third Party Advisory VDB Entry
20	http://www.securityfocus.com/bid/94222	Third Party Advisory VDB Entry
21	https://access.redhat.com/errata/RHSA-2017:3454	Vendor Advisory
22	https://access.redhat.com/errata/RHSA-2017:3454	Vendor Advisory
23	https://access.redhat.com/errata/RHSA-2017:3455	Vendor Advisory
24	https://access.redhat.com/errata/RHSA-2017:3455	Vendor Advisory
25	https://access.redhat.com/errata/RHSA-2017:3456	Vendor Advisory
26	https://access.redhat.com/errata/RHSA-2017:3456	Vendor Advisory
27	https://access.redhat.com/errata/RHSA-2017:3458	Vendor Advisory
28	https://access.redhat.com/errata/RHSA-2017:3458	Vendor Advisory
29	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7061	Issue Tracking Vendor Advisory
30	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7061	Issue Tracking Vendor Advisory

Common Vulnerabilities List