{"api_version":"1","generated_at":"2026-04-22T23:21:40+00:00","cve":"CVE-2016-5422","urls":{"html":"https://cve.report/CVE-2016-5422","api":"https://cve.report/api/cve/CVE-2016-5422.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2016-5422","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2016-5422"},"summary":{"title":"CVE-2016-5422","description":"The web console in Red Hat JBoss Operations Network (JON) before 3.3.7 does not properly authorize requests to add users with the super user role, which allows remote authenticated users to gain admin privileges via a crafted POST request.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2016-09-07 19:28:00","updated_at":"2016-09-08 17:08:00"},"problem_types":["CWE-264"],"metrics":[],"references":[{"url":"http://www.securityfocus.com/bid/92722","name":"92722","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Red Hat JBoss Operations Network CVE-2016-5422 Remote Privilege Escalation Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://rhn.redhat.com/errata/RHSA-2016-1785.html","name":"RHSA-2016:1785","refsource":"REDHAT","tags":["Patch","Vendor Advisory"],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2016-5422","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5422","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2016","cve_id":"5422","vulnerable":"1","versionEndIncluding":"3.3.6","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_operations_network","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2016-5422","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"The web console in Red Hat JBoss Operations Network (JON) before 3.3.7 does not properly authorize requests to add users with the super user role, which allows remote authenticated users to gain admin privileges via a crafted POST request."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_affected":"=","version_value":"n/a"}]}}]}}]}},"references":{"reference_data":[{"url":"http://rhn.redhat.com/errata/RHSA-2016-1785.html","refsource":"MISC","name":"http://rhn.redhat.com/errata/RHSA-2016-1785.html"},{"url":"http://www.securityfocus.com/bid/92722","refsource":"MISC","name":"http://www.securityfocus.com/bid/92722"}]}},"nvd":{"publishedDate":"2016-09-07 19:28:00","lastModifiedDate":"2016-09-08 17:08:00","problem_types":["CWE-264"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":6.5},"severity":"MEDIUM","exploitabilityScore":8,"impactScore":6.4,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:jboss_operations_network:*:*:*:*:*:*:*:*","versionEndIncluding":"3.3.6","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2016","CveId":"5422","Ordinal":"91504","Title":"CVE-2016-5422","CVE":"CVE-2016-5422","Year":"2016"},"notes":[{"CveYear":"2016","CveId":"5422","Ordinal":"1","NoteData":"The web console in Red Hat JBoss Operations Network (JON) before 3.3.7 does not properly authorize requests to add users with the super user role, which allows remote authenticated users to gain admin privileges via a crafted POST request.","Type":"Description","Title":null},{"CveYear":"2016","CveId":"5422","Ordinal":"2","NoteData":"2016-09-07","Type":"Other","Title":"Published"},{"CveYear":"2016","CveId":"5422","Ordinal":"3","NoteData":"2016-09-07","Type":"Other","Title":"Modified"}]}}}