CVE-2017-12189

Advisory lineage Upstream: 0 Downstream: 3

Downstream

RHSA-2018:0002 RHSA-2018:0004 RHSA-2018:0005

Modified

Published: 10 Jan 2018, 19:00

Last modified:05 Aug 2024, 18:28

Vulnerability Summary

Overall Risk (default)

medium

31/100

CVSS Score

7.8 HIGH

v3.0 (nvd)

EPSS Score

0.05% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

10 Jan 2018, 19:00

Published

Vulnerability first disclosed

05 Aug 2024, 18:28

Last Modified

Vulnerability information updated

Description

It was discovered that the jboss init script as used in Red Hat JBoss Enterprise Application Platform 7.0.7.GA performed unsafe file handling which could result in local privilege escalation. This issue is a result of an incomplete fix for CVE-2016-8656.

CVSS Metrics

v3.0•HIGH•Score: 7.8CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
v2.0•MEDIUM•Score: 4.6AV:L/AC:L/Au:N/C:P/I:P/A:P

EPSS Trends

Current EPSS score: 0.05%• Percentile: 16%

Techniques & Countermeasures

CWE-282•Improper Ownership Management
The product assigns the wrong ownership, or does not properly verify the ownership, of an object or resource.

Affected Systems

red hat, inc.•red hat jboss enterprise application platform
7.0.7.GA
redhat•enterprise_linux
6.0 | 7.0
redhat•jboss_enterprise_application_platform
7.0