What is CVE-2016-0710?

CVE-2016-0710 is a high-severity vulnerability in Apache Jetspeed, classified under SQL Injection. CVSS score: 8.8/10. Published 2016-04-11.

How severe is CVE-2016-0710?

High severity. CVSS v3 base score is 8.8 out of 10.

Is CVE-2016-0710 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

SQL Injection in Apache Jetspeed

CVE-2016-0710

Multiple SQL injection vulnerabilities in the User Manager service in Apache Jetspeed before 2.3.1 allow remote attackers to execute arbitrary SQL commands via the (1) role or (2) user parameter to services/usermanager/users/.

Vulnerability class: SQL Injection

EPSS: 0.780 (99.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Apache Jetspeed
N/a — versions n/a

Weakness classification (CWE)

CWE-89 — SQL Injection

Public proof-of-concept exploits

References

39643 (Exploit, exploit, x_refsource_EXPLOIT-DB)
[portals-jetspeed-user] 20160303 [CVE-2016-0710] Apache Jetspeed information disclosure vulnerability (mailing-list, x_refsource_MLIST)
secalert@redhat.com (Exploit, x_refsource_MISC)
secalert@redhat.com (x_refsource_MISC)
secalert@redhat.com (Exploit, x_refsource_MISC)
secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)

Frequently asked questions

What is CVE-2016-0710?: CVE-2016-0710 is a high-severity vulnerability in Apache Jetspeed, classified under SQL Injection. CVSS score: 8.8/10. Published 2016-04-11.
How severe is CVE-2016-0710?: High severity. CVSS v3 base score is 8.8 out of 10.
Is CVE-2016-0710 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.