Regular users can add a user with the super user role by sending a crafted POST request through the JON web console. This allows attackers to gain admin privileges, affecting the confidentiality, integrity and availability of the JON server itself as well as the resources it manages.
Acknowledgments: Jeremy Choi (Red Hat Product Security Team)
This issue has been addressed in the following products: Via RHSA-2016:1785 https://rhn.redhat.com/errata/RHSA-2016-1785.html