Piosky

**Name of the Vulnerable Software and Affected Versions** WildFly version 10.1.2.Final **Description** An issue allows an attacker to access the administration panel without authentication using `anonymous` access. Once logged in, a misconfiguration permits an anonymous user to deploy a malicious .war file, leading to remote code execution. The vendor notes that anonymous access is not available by default but remains optional for certain use cases, such as development environments. **Recommendations** For WildFly version 10.1.2.Final, consider disabling the anonymous access feature to prevent unauthorized access to the administration panel. Additionally, review and adjust the auto-deployment configuration to prevent malicious file deployments.

**Name of the Vulnerable Software and Affected Versions** WildFly version 10.1.2.Final **Description** An issue was discovered where an attacker can access the server without authentication in the case of a default installation without a security realm reference. This is because the configuration is effectively unsecured, as indicated by the Security Realms documentation in the product's Admin Guide. The vendor supports these unsecured configurations due to valid use cases during development. **Recommendations** For WildFly version 10.1.2.Final, consider configuring a security realm reference to secure the server and prevent unauthorized access. As a temporary workaround, restrict access to the server to minimize the risk of exploitation.