Описание
A flaw was discovered in WildFly before 21.0.0.Final where, Resource adapter logs plain text JMS password at warning level on connection error, inserting sensitive information in the log file.
A flaw was found in wildfly. JMS passwords are logged by the resource adaptor in plain text at the warning level when a connection error occurs allowing any user that has access to the log to gain access to this sensitive information. The highest threat from this vulnerability is to data confidentiality.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Data Grid 8 | wildfly | Not affected | ||
| Red Hat Decision Manager 7 | wildfly | Not affected | ||
| Red Hat JBoss Data Grid 7 | wildfly | Out of support scope | ||
| Red Hat JBoss Data Virtualization 6 | jbossas | Out of support scope | ||
| Red Hat JBoss Data Virtualization 6 | wildfly | Out of support scope | ||
| Red Hat JBoss Enterprise Application Platform 5 | jbossas | Out of support scope | ||
| Red Hat JBoss Enterprise Application Platform 6 | jbossas | Out of support scope | ||
| Red Hat JBoss Fuse 6 | wildfly | Out of support scope | ||
| Red Hat JBoss Operations Network 3 | wildfly | Out of support scope | ||
| Red Hat JBoss SOA Platform 5 | jbossas | Out of support scope |
Показывать по
Дополнительная информация
Статус:
EPSS
5.3 Medium
CVSS3
Связанные уязвимости
A flaw was discovered in WildFly before 21.0.0.Final where, Resource adapter logs plain text JMS password at warning level on connection error, inserting sensitive information in the log file.
A flaw was discovered in WildFly before 21.0.0.Final where, Resource a ...
EPSS
5.3 Medium
CVSS3