CVE-2020-10714

Summary

A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Affected Software

VendorProductVersion RangeStatus
n/awildfly-elytronwildfly-elytron 1.10.7.Finalaffected

Weaknesses

  • CWE-384: CWE-384

ADP Enrichment

CVE Program Container

Additional References

References