CVE-2023-4503

Опубликовано: 04 дек. 2023

Источник: redhat

CVSS3: 6.8

EPSS Низкий

Описание

An improper initialization vulnerability was found in Galleon. When using Galleon to provision custom EAP or EAP-XP servers, the servers are created unsecured. This issue could allow an attacker to access remote HTTP services available from the server.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat JBoss Enterprise Application Platform Expansion Pack	eap-galleon	Affected
EAP 7.4.14	eap-galleon	Fixed	RHSA-2023:7641	04.12.2023
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8	eap7-undertow	Fixed	RHSA-2023:7638	04.12.2023
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8	eap7-wildfly	Fixed	RHSA-2023:7638	04.12.2023
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9	eap7-undertow	Fixed	RHSA-2023:7639	04.12.2023
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9	eap7-wildfly	Fixed	RHSA-2023:7639	04.12.2023
Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7	eap7-undertow	Fixed	RHSA-2023:7637	04.12.2023
Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7	eap7-wildfly	Fixed	RHSA-2023:7637	04.12.2023
Red Hat JBoss Enterprise Application Platform 8		Fixed	RHSA-2024:3583	04.06.2024
Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	eap8-activemq-artemis	Fixed	RHSA-2024:3580	04.06.2024

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-665

https://bugzilla.redhat.com/show_bug.cgi?id=2184751eap-galleon: custom provisioning creates unsecured http-invoker

EPSS

Процентиль: 41%

0.00191

Низкий

6.8 Medium

CVSS3

Связанные уязвимости

CVE-2023-4503

CVSS3: 6.8

nvd

около 2 лет назад

GHSA-6c6r-r3r9-h62j

CVSS3: 6.8

github

около 2 лет назад

EPSS

Процентиль: 41%

0.00191

Низкий

6.8 Medium

CVSS3