PT-2021-9712 · Red Hat · Jboss Enterprise Application Platform - Continuous Delivery

Kunjan Rathod

Published

2021-06-02

Updated

2021-06-10

CVE-2020-14317

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions JBoss Enterprise Application Platform - Continuous Delivery (EAP-CD) versions (affected versions not specified)

Description A security issue has reappeared in JBoss Enterprise Application Platform - Continuous Delivery (EAP-CD) due to regression, allowing an attacker to exploit it by modifying the PID file in /var/run/jboss-eap/. This modification enables the init.d script to terminate any process as root.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-364

Related Identifiers

BIT-WILDFLY-2020-14317

CVE-2020-14317

Affected Products

Jboss Enterprise Application Platform - Continuous Delivery

PT-2021-9712 · Red Hat · Jboss Enterprise Application Platform - Continuous Delivery

CVE-2020-14317

Weakness Enumeration

Related Identifiers

Affected Products

References · 3