JBoss EAP 5

Red Hat released an advisory to address a high severity vulnerability,CVE-2017-12149, in JBoss Enterprise Application Platform (EAP) 5. Successful exploitation of this vulnerability could allow a remote threat actor to execute arbitrary code. Depending on the targeted user’s privileges, a threat actor could install programs; view, change, or delete data; or create new user accounts. The NJCCIC recommends users and administrators of JBoss EAP 5 review the Red Hat Advisory and either apply the workaround provided or update to JBoss EAP 6 or 7.