Description
A flaw was found in JBoss EAP where the authentication configuration is set up using a legacy SecurityRealm that delegates to a legacy PicketBox SecurityDomain, and the server is then reloaded in admin-only mode. This flaw allows an attacker to perform a complete authentication bypass using an arbitrary user and password. The highest threat from this vulnerability is to system availability.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| A-MQ Clients 2 | picketbox | Affected | | |
| Red Hat BPM Suite 6 | picketbox | Out of support scope | | |
| Red Hat Data Grid 8 | picketbox | Not affected | | |
| Red Hat Decision Manager 7 | picketbox | Not affected | | |
| Red Hat Fuse 7 | picketbox | Will not fix | | |
| Red Hat JBoss BRMS 6 | picketbox | Out of support scope | | |
| Red Hat JBoss Data Grid 7 | picketbox | Out of support scope | | |
| Red Hat JBoss Data Virtualization 6 | picketbox | Out of support scope | | |
| Red Hat JBoss Enterprise Application Platform 6 | picketbox | Out of support scope | | |
| Red Hat JBoss Fuse 6 | picketbox | Will not fix | | |
Additional information
Status:
EPSS
5.7 Medium
CVSS3