PT-2018-10050 · Red Hat · Wildfly

Author: Bourbon Jean-Marie (+3)

Published: 2018-05-09 · Updated: 2024-08-05

CVE-2018-10682

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: WildFly version 10.1.2.Final

Description: WildFly can be configured to allow anonymous access to the administration panel, so an attacker reaches it without any authentication. Once logged in, a misconfiguration of auto-deployment permits the anonymous user to deploy a malicious .war file, leading to remote code execution. The vendor notes that anonymous access is not enabled by default but remains an option for certain use cases, such as development environments.

Recommendations: For WildFly version 10.1.2.Final, disable the anonymous access feature so that the administration panel requires authentication. Additionally, review and adjust the auto-deployment configuration so that dropped files are not deployed automatically.
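As an added illustration (not part of this advisory or of the WildFly project), the two standalone.xml settings the recommendation points at, showing the weak form beside the corrected one. Element and attribute names follow the WildFly 10 configuration schema as recalled here and are an assumption to verify against the installed server.

```xml
<!-- Added example, not from the advisory. Fragments of a WildFly 10
     standalone.xml; element/attribute names are assumed from the WildFly 10
     schema, check them against your own configuration. -->

<!-- WEAK: the http-interface carries no security-realm, so the web console
     and the /management HTTP API accept anonymous requests. -->
<management>
    <management-interfaces>
        <http-interface http-upgrade-enabled="true">
            <socket-binding http="management-http"/>
        </http-interface>
    </management-interfaces>
</management>

<!-- CORRECTED: bind the interface to ManagementRealm so every request must
     authenticate against mgmt-users.properties (accounts created with
     add-user.sh). The <local> element only allows silent auth for a CLI
     running on the same host as the server. -->
<management>
    <security-realms>
        <security-realm name="ManagementRealm">
            <authentication>
                <local default-user="$local" skip-group-loading="true"/>
                <properties path="mgmt-users.properties"
                            relative-to="jboss.server.config.dir"/>
            </authentication>
        </security-realm>
    </security-realms>
    <management-interfaces>
        <http-interface security-realm="ManagementRealm" http-upgrade-enabled="true">
            <socket-binding http="management-http"/>
        </http-interface>
    </management-interfaces>
</management>

<!-- Keep the management interface on loopback unless remote administration
     is really needed (default value shown). -->
<interface name="management">
    <inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
</interface>

<!-- Deployment scanner: with auto-deploy-zipped at its default (true), any
     .war written into the deployments directory is deployed on the next scan.
     With false, an archive is only deployed after an explicit .dodeploy marker
     or a CLI deploy, so a planted file does not start running by itself. -->
<subsystem xmlns="urn:jboss:domain:deployment-scanner:2.0">
    <deployment-scanner path="deployments" relative-to="jboss.server.base.dir"
                        scan-interval="5000"
                        auto-deploy-zipped="false"/>
</subsystem>
```

After changing either section, confirm that an unauthenticated request to the /management endpoint is answered with HTTP 401 rather than a JSON response.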

Exploit · Fix · RCE · Improper Authentication

Weakness Enumeration

Related Identifiers: CVE-2018-10682

Affected Products: Wildfly