CVE-2023-4503

Summary

An improper initialization vulnerability was found in Galleon. When using Galleon to provision custom EAP or EAP-XP servers, the servers are created unsecured. This issue could allow an attacker to access remote HTTP services available from the server.

Affected Software

VendorProductVersion RangeStatus
Red HatRed Hat JBoss Enterprise Application Platform 7.4 for RHEL 80:2.2.28-1.SP1_redhat_00001.1.el8eap < *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 7.4 for RHEL 80:7.4.14-5.GA_redhat_00002.1.el8eap < *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 7.4 for RHEL 90:2.2.28-1.SP1_redhat_00001.1.el9eap < *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 7.4 for RHEL 90:7.4.14-5.GA_redhat_00002.1.el9eap < *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 7.4 on RHEL 70:2.2.28-1.SP1_redhat_00001.1.el7eap < *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 7.4 on RHEL 70:7.4.14-5.GA_redhat_00002.1.el7eap < *unaffected

Weaknesses

  • CWE-665: Improper Initialization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References