Description
A flaw was found in the HAL Console in the Wildfly component, which does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a web page that is served to other users. The attacker must be authenticated as a user that belongs to management groups “SuperUser”, “Admin”, or “Maintainer”.
Report
Red Hat has evaluated this issue: the attacker must be authenticated as a user that belongs to the management groups “SuperUser”, “Admin”, or “Maintainer”. This issue requires prior privileges to jeopardize an environment.
Affected packages
Platform | Package | State | Recommendation | Release |
---|---|---|---|---|
Red Hat JBoss Data Grid 7 | org.jboss.hal/hal-console | Out of support scope | | |
Red Hat JBoss Enterprise Application Platform 7 | org.jboss.hal/hal-console | Will not fix | | |
Red Hat JBoss Enterprise Application Platform 8 | org.jboss.hal/hal-console | Will not fix | | |
Red Hat JBoss Enterprise Application Platform Expansion Pack | org.jboss.hal/hal-console | Not affected | | |
Additional information
Status:
6.5 Medium
CVSS3
Related vulnerabilities
HAL Console has a Cross Site Scripting (XSS) vulnerability of user input