The User Manager service in Apache Jetspeed before 2.3.1 does not properly restrict access using Jetspeed Security, which allows remote attackers to (1) add, (2) edit, or (3) delete users via the REST API.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2016-04-11T14:00:00

Updated: 2024-08-05T23:17:50.748Z

Reserved: 2016-01-29T00:00:00

Link: CVE-2016-2171

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2016-04-11T14:59:10.333

Modified: 2016-04-14T22:23:11.550

Link: CVE-2016-2171

cve-icon Redhat

No data.