CVE-2016-8656 HIGH

CVE-2016-8656

Vendor Jboss
Product jbossas
Weakness CWE-284
Published May 22, 2018
Last update August 6, 2024

CVSS base score

7.0/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Jboss jbossas before versions 5.2.0-23, 6.4.13, 7.0.5 is vulnerable to an unsafe file handling in the jboss init script which could result in local privilege escalation.

Key dates

02Disclosure timeline

May 22, 2018 CVE published
August 6, 2024 Record updated