The User Manager service in Apache Jetspeed before 2.3.1 does not properly restrict access using Jetspeed Security, which allows remote attackers to (1) add, (2) edit, or (3) delete users via the REST API.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2016-04-11T14:00:00
Updated: 2024-08-05T23:17:50.748Z
Reserved: 2016-01-29T00:00:00
Link: CVE-2016-2171
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2016-04-11T14:59:10.333
Modified: 2016-04-14T22:23:11.550
Link: CVE-2016-2171
Redhat
No data.