What is CVE-2016-2171?

CVE-2016-2171 is a high-severity vulnerability in Apache Jetspeed, classified under CWE-264. CVSS score: 7.5/10. Published 2016-04-11.

How severe is CVE-2016-2171?

High severity. CVSS v3 base score is 7.5 out of 10.

Vulnerability in Apache Jetspeed

CVE-2016-2171

The User Manager service in Apache Jetspeed before 2.3.1 does not properly restrict access using Jetspeed Security, which allows remote attackers to (1) add, (2) edit, or (3) delete users via the REST API.

EPSS: 0.166 (95.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N.

Affected products

Apache Jetspeed
N/a — versions n/a

Weakness classification (CWE)

CWE-264

References

secalert@redhat.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
[portals-jetspeed-user] 20160329 [CVE-2016-2171] Jetspeed User Manager REST service not restricted by Jetspeed Security (Vendor Advisory, mailing-list, x_refsource_MLIST)
secalert@redhat.com (x_refsource_MISC)

Frequently asked questions

What is CVE-2016-2171?: CVE-2016-2171 is a high-severity vulnerability in Apache Jetspeed, classified under CWE-264. CVSS score: 7.5/10. Published 2016-04-11.
How severe is CVE-2016-2171?: High severity. CVSS v3 base score is 7.5 out of 10.