Vulnerability Details CVE-2016-6330
The server in Red Hat JBoss Operations Network (JON), when SSL authentication is not configured for JON server / agent communication, allows remote attackers to execute arbitrary code via a crafted HTTP request, related to message deserialization. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-3737.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.187
EPSS Ranking 94.9%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 9.0
References
Products affected by CVE-2016-6330
-
cpe:2.3:a:redhat:jboss_operations_network:3.0
-
cpe:2.3:a:redhat:jboss_operations_network:3.0.1
-
cpe:2.3:a:redhat:jboss_operations_network:3.1
-
cpe:2.3:a:redhat:jboss_operations_network:3.1.1
-
cpe:2.3:a:redhat:jboss_operations_network:3.1.2
-
cpe:2.3:a:redhat:jboss_operations_network:3.1.4
-
cpe:2.3:a:redhat:jboss_operations_network:3.2.0
-
cpe:2.3:a:redhat:jboss_operations_network:3.2.1
-
cpe:2.3:a:redhat:jboss_operations_network:3.2.2
-
cpe:2.3:a:redhat:jboss_operations_network:3.2.3
-
cpe:2.3:a:redhat:jboss_operations_network:3.3.1
-
cpe:2.3:a:redhat:jboss_operations_network:3.3.2
-
cpe:2.3:a:redhat:jboss_operations_network:3.3.3
-
cpe:2.3:a:redhat:jboss_operations_network:3.3.4
-
cpe:2.3:a:redhat:jboss_operations_network:3.3.5
-
cpe:2.3:a:redhat:jboss_operations_network:3.3.6