CVE-2019-14838

Опубликовано: 14 окт. 2019

Источник: nvd

CVSS3: 5.2

CVSS3: 4.9

CVSS2: 4

EPSS Низкий

Описание

A flaw was found in wildfly-core before 7.2.5.GA. The Management users with Monitor, Auditor and Deployer Roles should not be allowed to modify the runtime state of the server

Ссылки

https://access.redhat.com/errata/RHSA-2019:3082
Vendor Advisory
https://access.redhat.com/errata/RHSA-2019:3083
Vendor Advisory
https://access.redhat.com/errata/RHSA-2019:4018
Vendor Advisory
https://access.redhat.com/errata/RHSA-2019:4019
Vendor Advisory
https://access.redhat.com/errata/RHSA-2019:4020
Vendor Advisory
https://access.redhat.com/errata/RHSA-2019:4021
Vendor Advisory
https://access.redhat.com/errata/RHSA-2019:4040
Vendor Advisory
https://access.redhat.com/errata/RHSA-2019:4041
Vendor Advisory
https://access.redhat.com/errata/RHSA-2019:4042
Vendor Advisory
https://access.redhat.com/errata/RHSA-2019:4045
Vendor Advisory
https://access.redhat.com/errata/RHSA-2020:0728
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14838
Issue Tracking
Vendor Advisory
https://access.redhat.com/errata/RHSA-2019:3082
Vendor Advisory
https://access.redhat.com/errata/RHSA-2019:3083
Vendor Advisory
https://access.redhat.com/errata/RHSA-2019:4018
Vendor Advisory
https://access.redhat.com/errata/RHSA-2019:4019
Vendor Advisory
https://access.redhat.com/errata/RHSA-2019:4020
Vendor Advisory
https://access.redhat.com/errata/RHSA-2019:4021
Vendor Advisory
https://access.redhat.com/errata/RHSA-2019:4040
Vendor Advisory
https://access.redhat.com/errata/RHSA-2019:4041
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:redhat:wildfly_core:7.0.0:-:*:*:*:*:*:*

cpe:2.3:a:redhat:wildfly_core:7.0.0:alpha1:*:*:*:*:*:*

cpe:2.3:a:redhat:wildfly_core:7.0.0:alpha2:*:*:*:*:*:*

cpe:2.3:a:redhat:wildfly_core:7.0.0:alpha3:*:*:*:*:*:*

cpe:2.3:a:redhat:wildfly_core:7.0.0:alpha4:*:*:*:*:*:*

cpe:2.3:a:redhat:wildfly_core:7.0.0:alpha5:*:*:*:*:*:*

cpe:2.3:a:redhat:wildfly_core:7.0.0:beta1:*:*:*:*:*:*

cpe:2.3:a:redhat:wildfly_core:7.0.0:cr1:*:*:*:*:*:*

Конфигурация 2

Одновременно

Одно из

cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2.5:*:*:*:*:*:*:*

cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:single_sign-on:7.3.5:*:*:*:*:*:*:*

Одно из

cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:a:redhat:data_grid:7.3.4:*:*:*:*:*:*:*

cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2.4:*:*:*:*:*:*:*

EPSS

Процентиль: 59%

0.00381

Низкий

5.2 Medium

CVSS3

4.9 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-284

CWE-269

Связанные уязвимости

CVE-2019-14838

CVSS3: 5.2

redhat

больше 6 лет назад

A flaw was found in wildfly-core before 7.2.5.GA. The Management users with Monitor, Auditor and Deployer Roles should not be allowed to modify the runtime state of the server

CVE-2019-14838

CVSS3: 4.9

debian

больше 6 лет назад

A flaw was found in wildfly-core before 7.2.5.GA. The Management users ...

GHSA-82v2-f875-73g9

CVSS3: 4.9

github

больше 3 лет назад

Wildfly Authorization Misconfiguration

EPSS

Процентиль: 59%

0.00381

Низкий

5.2 Medium

CVSS3

4.9 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-284

CWE-269