Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2017-12167 - Vulnerability Database
Jboss EAP

Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2017-12167

Medium
Reference: CVE-2017-12167
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2017-12167
Title: Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Overview:

It was found in EAP 7 before 7.0.9 that properties based files of the management and the application realm configuration that contain user to role mapping are world readable allowing access to users and roles information to all the users logged in to the system.