PT-2019-5278 · Red Hat · Jboss Eap+2

Chess Hazlett · Published 2019-09-17 · Updated 2020-01-15 · CVE-2019-14843

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

WildFly Security Manager versions shipped with Red Hat JBoss EAP 7 and Red Hat SSO 7

Description

The issue is related to inadequate access control in the WildFly Security Manager, which can be exploited to gain access to protected information. A malicious application deployed on the application server could potentially use this flaw to access unauthorized information and conduct further attacks.

Recommendations

For versions shipped with Red Hat JBoss EAP 7 and Red Hat SSO 7, consider restricting access to sensitive information until a fix is available. As a temporary workaround, review and limit the deployment of applications on the server to minimize the risk of exploitation.

Fix

Incorrect Authorization

Weakness Enumeration

Related Identifiers

BDU:2020-02179
CVE-2019-14843
RHSA-2019:2973
RHSA-2019:4018
RHSA-2019:4019
RHSA-2019:4020
RHSA-2019:4040
RHSA-2019:4041
RHSA-2019:4042
RHSA-2024:5856

Affected Products

Jboss Eap
Red Hat Sso
Wildfly Security Manager