Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2020-10718

Опубликовано: 06 авг. 2020
Источник: redhat
CVSS3: 5.9
EPSS Низкий

Описание

A flaw was found in Wildfly before wildfly-embedded-13.0.0.Final, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is to confidentiality.

A flaw was found in Wildfly, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is to confidentiality.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Data Grid 8wildflyNot affected
Red Hat Decision Manager 7wildflyNot affected
Red Hat Fuse 7wildflyWill not fix
Red Hat JBoss Data Grid 7wildflyOut of support scope
Red Hat JBoss Data Virtualization 6jbossasOut of support scope
Red Hat JBoss Data Virtualization 6wildflyOut of support scope
Red Hat JBoss Enterprise Application Platform 5jbossasOut of support scope
Red Hat JBoss Enterprise Application Platform 6jbossasOut of support scope
Red Hat JBoss Enterprise Application Platform Continuous DeliverywildflyOut of support scope
Red Hat JBoss Fuse 6wildflyNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-749
https://bugzilla.redhat.com/show_bug.cgi?id=1828476wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API

EPSS

Процентиль: 50%
0.0027
Низкий

5.9 Medium

CVSS3

Связанные уязвимости

nvd логотип

CVE-2020-10718

CVSS3: 7.5
nvd
больше 5 лет назад

A flaw was found in Wildfly before wildfly-embedded-13.0.0.Final, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is to confidentiality.

debian логотип

CVE-2020-10718

CVSS3: 7.5
debian
больше 5 лет назад

A flaw was found in Wildfly before wildfly-embedded-13.0.0.Final, wher ...

github логотип

GHSA-wqwx-hvg4-2wh9

github
больше 3 лет назад

A flaw was found in Wildfly before wildfly-embedded-13.0.0.Final, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is to confidentiality.

EPSS

Процентиль: 50%
0.0027
Низкий

5.9 Medium

CVSS3