PT-2019-5278 · Red Hat · JBoss EAP, Red Hat SSO, WildFly Security Manager

Chess Hazlett · Published 2019-09-17 · Updated 2020-01-15 · CVE-2019-14843

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: WildFly Security Manager, in the versions shipped with Red Hat JBoss EAP 7 and Red Hat SSO 7.

Description: The flaw is an incorrect authorization check in the WildFly Security Manager: a permission check that should deny access to protected information can be bypassed. A malicious application deployed on the application server could use this to read information it is not authorized for and use it to mount further attacks. Exploitation requires the ability to deploy an application to the server (PR:L in the vector), not network access alone.

Recommendations: Apply the Red Hat errata listed under Related Identifiers for the JBoss EAP 7 and Red Hat SSO 7 versions in use. Until the errata can be applied, treat every deployed application as a potential attacker: review what is deployed, restrict deployment rights to trusted operators, and limit the sensitive information reachable from the application server.

Fix

Weakness Enumeration

Incorrect Authorization (CWE-863)

Related Identifiers

BDU:2020-02179
CVE-2019-14843
RHSA-2019:2973
RHSA-2019:4018
RHSA-2019:4019
RHSA-2019:4020
RHSA-2019:4040
RHSA-2019:4041
RHSA-2019:4042
RHSA-2024:5856

Affected Products

JBoss EAP
Red Hat SSO
WildFly Security Manager