What is CVE-2016-5406?

CVE-2016-5406 is a high-severity vulnerability in Redhat Enterprise_linux, classified under CWE-264. CVSS score: 8.8/10. Published 2016-09-26.

How severe is CVE-2016-5406?

High severity. CVSS v3 base score is 8.8 out of 10.

Vulnerability in Redhat Enterprise_linux

CVE-2016-5406

The domain controller in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2 allows remote authenticated users to gain privileges by leveraging failure to propagate administrative RBAC configuration to all slaves.

EPSS: 0.015 (81.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Redhat Enterprise_linux — versions 6.0, 7.0
Redhat Jboss_enterprise_application_platform
N/a — versions n/a

Weakness classification (CWE)

CWE-264

References

RHSA-2016:1841 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
RHSA-2017:3458 (x_refsource_REDHAT, vendor-advisory)
secalert@redhat.com (x_refsource_CONFIRM, VDB Entry, Issue Tracking, Vendor Advisory)
RHSA-2016:1838 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
RHSA-2017:3455 (x_refsource_REDHAT, vendor-advisory)
RHSA-2017:3456 (x_refsource_REDHAT, vendor-advisory)
RHSA-2017:3454 (x_refsource_REDHAT, vendor-advisory)
RHSA-2016:1839 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
RHSA-2016:1840 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)

Frequently asked questions

What is CVE-2016-5406?: CVE-2016-5406 is a high-severity vulnerability in Redhat Enterprise_linux, classified under CWE-264. CVSS score: 8.8/10. Published 2016-09-26.
How severe is CVE-2016-5406?: High severity. CVSS v3 base score is 8.8 out of 10.