Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2023-4061

Опубликовано: 08 нояб. 2023
Источник: nvd
CVSS3: 6.5
CVSS3: 6.5
EPSS Низкий

Описание

A flaw was found in wildfly-core. A management user could use the resolve-expression in the HAL Interface to read possible sensitive information from the Wildfly system. This issue could allow a malicious user to access the system and obtain possible sensitive information from the system.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:redhat:jboss_enterprise_application_platform:-:*:*:*:text-only:*:*:*
cpe:2.3:a:redhat:wildfly_core:*:*:*:*:*:*:*:*
Версия до 15.0.30 (исключая)
Конфигурация 2

Одновременно

cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.4:*:*:*:*:*:*:*

Одно из

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

EPSS

Процентиль: 49%
0.00258
Низкий

6.5 Medium

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-200
NVD-CWE-noinfo

Связанные уязвимости

redhat логотип

CVE-2023-4061

CVSS3: 6.5
redhat
больше 2 лет назад

A flaw was found in wildfly-core. A management user could use the resolve-expression in the HAL Interface to read possible sensitive information from the Wildfly system. This issue could allow a malicious user to access the system and obtain possible sensitive information from the system.

github логотип

GHSA-26qx-4m49-6cfr

CVSS3: 6.5
github
около 2 лет назад

wildfly-core Exposure of Sensitive Information to an Unauthorized Actor vulnerability

EPSS

Процентиль: 49%
0.00258
Низкий

6.5 Medium

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-200
NVD-CWE-noinfo