Description
A flaw was found in wildfly-core before 7.2.5.GA. The Management users with Monitor, Auditor and Deployer Roles should not be allowed to modify the runtime state of the server.
It was found that Wildfly users had default user permissions set incorrectly. A malicious user could use this flaw to access unauthorized controls for the application server.
Affected packages
| Platform | Package | Status | Advisory | Release |
|---|---|---|---|---|
| Red Hat Decision Manager 7 | wildfly-core | Not affected | ||
| Red Hat JBoss Data Virtualization 6 | wildfly-core | Not affected | ||
| Red Hat JBoss Enterprise Application Platform 6 | jbossas | Not affected | ||
| Red Hat JBoss Fuse 6 | wildfly-core | Out of support scope | ||
| Red Hat JBoss Operations Network 3 | wildfly-core | Out of support scope | ||
| Red Hat OpenShift Application Runtimes | wildfly-core | Affected | ||
| Red Hat Process Automation 7 | wildfly-core | Not affected | ||
| Red Hat Data Grid 7.3.4 | wildfly-core | Fixed | RHSA-2020:0728 | 05.03.2020 |
| Red Hat JBoss EAP 7.2 | wildfly-core | Fixed | RHSA-2019:3083 | 15.10.2019 |
| Red Hat JBoss EAP 7.2 | wildfly-core | Fixed | RHSA-2019:4021 | 26.11.2019 |
Additional information
Status: Moderate
Defect: CWE-284
https://bugzilla.redhat.com/show_bug.cgi?id=1751227 wildfly-core: Incorrect privileges for 'Monitor', 'Auditor' and 'Deployer' user by default
EPSS
Percentile: 59%
0.00381
Low
5.2 Medium
CVSS3
Related vulnerabilities
CVSS3: 4.9
nvd
more than 6 years ago
A flaw was found in wildfly-core before 7.2.5.GA. The Management users with Monitor, Auditor and Deployer Roles should not be allowed to modify the runtime state of the server.
CVSS3: 4.9
debian
more than 6 years ago
A flaw was found in wildfly-core before 7.2.5.GA. The Management users ...