Описание
A flaw was found in all supported versions before wildfly-elytron-1.6.8.Final-redhat-00001, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.
Ссылки
- Issue TrackingVendor Advisory
- Third Party Advisory
- Issue TrackingVendor Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.6.8.final-redhat-00001 (исключая)
cpe:2.3:a:redhat:wildfly_elytron:*:*:*:*:*:*:*:*
Конфигурация 2
Одно из
cpe:2.3:a:redhat:decision_manager:7.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:*
EPSS
Процентиль: 54%
0.0031
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 4.8
redhat
больше 5 лет назад
A flaw was found in all supported versions before wildfly-elytron-1.6.8.Final-redhat-00001, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.
EPSS
Процентиль: 54%
0.0031
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
NVD-CWE-noinfo