Description
It has been reported that KIE server and Business Central before version 7.21.0.Final contain username and password as plaintext Java properties. Any app deployed on the same server would have access to these properties, thus granting access to other services.
Links
- Issue Tracking, Third Party Advisory
- Patch, Third Party Advisory
- Issue Tracking, Third Party Advisory
- Patch, Third Party Advisory
Vulnerable configurations
Configuration 1: versions before 7.21.0 (excluding)
cpe:2.3:a:redhat:kie-server:*:*:*:*:*:*:*:*
EPSS
Percentile: 53%
0.00298
Low
5.9 Medium (CVSS3)
9.8 Critical (CVSS3)
5 Medium (CVSS2)
Weaknesses
CWE-260
CWE-255
Related vulnerabilities
CVSS3: 5.9
redhat
more than 6 years ago
It has been reported that KIE server and Business Central before version 7.21.0.Final contain username and password as plaintext Java properties. Any app deployed on the same server would have access to these properties, thus granting access to other services.