CVE-2019-14843
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
07/01/2020
Last modified:
15/01/2020
Description
A flaw was found in Wildfly Security Manager, running under JDK 11 or 8, that authorized requests for any requester. This flaw could be used by a malicious app deployed on the app server to access unauthorized information and possibly conduct further attacks. Versions shipped with Red Hat Jboss EAP 7 and Red Hat SSO 7 are vulnerable to this issue.
Impact
Base Score 3.x
8.80
Severity 3.x
HIGH
Base Score 2.0
6.50
Severity 2.0
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:redhat:single_sign-on:7.3:*:*:*:*:*:*:* | ||
cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2.0:*:*:*:*:*:*:* | ||
cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2.0:*:*:*:*:*:*:* | ||
cpe:2.3:a:redhat:single_sign-on:-:*:*:*:text-only:*:*:* |
To consult the complete list of CPE names with products and versions, see this page