735274 – (CVE-2010-0737) CVE-2010-0737 JBoss ON CLI privilege escalation

Bug 735274 (CVE-2010-0737) - CVE-2010-0737 JBoss ON CLI privilege escalation

Summary: CVE-2010-0737 JBoss ON CLI privilege escalation

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2010-0737
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2011-09-02 05:24 UTC by David Jorm
Modified:	2021-02-24 14:48 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2011-09-02 05:53:08 UTC
Embargoed:

Attachments	(Terms of Use)

Description David Jorm 2011-09-02 05:24:12 UTC

A missing permission check was found in the JBoss Operations Network CLI, a Java shell that allows you to connect to the JBoss ON server over the command line. An unprivileged JBoss ON user could use this flaw to perform JBoss ON management tasks and configuration changes with the privileges of the administrator user.

Comment 1 David Jorm 2011-09-02 05:50:42 UTC

Statement:

This issue was fixed by a patch to JBoss Operations Network 2.3.1, available for download from the Red Hat Customer Portal: https://access.redhat.com/jbossnetwork/restricted/softwareDetail.html?softwareId=1983&product=em&version=2.3.1&downloadType=securityPatches

Note You need to log in before you can comment on or make changes to this bug.