Description
A flaw was found in all supported versions before wildfly-elytron-1.6.8.Final-redhat-00001, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.
A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Fuse 7 | wildfly | Will not fix | ||
| Red Hat JBoss Data Virtualization 6 | jbossas | Out of support scope | ||
| Red Hat JBoss Data Virtualization 6 | wildfly | Out of support scope | ||
| Red Hat JBoss Enterprise Application Platform 5 | jbossas | Out of support scope | ||
| Red Hat JBoss Enterprise Application Platform 6 | jbossas | Out of support scope | ||
| Red Hat JBoss Enterprise Application Platform Continuous Delivery | wildfly | Out of support scope | ||
| Red Hat JBoss Fuse 6 | wildfly | Out of support scope | ||
| Red Hat JBoss Operations Network 3 | wildfly | Out of support scope | ||
| Red Hat JBoss SOA Platform 5 | jbossas | Out of support scope | ||
| Red Hat OpenShift Application Runtimes | wildfly | Affected | | |
Additional information
Status:
EPSS
4.8 Medium
CVSS3