CVE-2019-14843
7.5
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A flaw was found in Wildfly Security Manager, running under JDK 11 or 8, that authorized requests for any requester. This flaw could be used by a malicious app deployed on the app server to access unauthorized information and possibly conduct further attacks. Versions shipped with Red Hat Jboss EAP 7 and Red Hat SSO 7 are vulnerable to this issue.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Red Hat | wildfly-security-manager | As shipped with Red Hat Jboss EAP 7 and Red Hat SSO 7 | affected |
Weaknesses
- CWE-592: CWE-592
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.