⚠ Actively exploited in ransomware campaigns
This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: Apply updates per vendor instructions.. Due date: 2022-06-15.
CVE-2010-1428 — Exposed Dangerous Method or Function in Redhat Jboss Enterprise Application Platform
Severity
7.5HIGHNVD
EPSS
67.6%
top 1.42%
CISA KEV
KEVRansomware
Added 2022-05-25
Due 2022-06-15
Exploit
Exploited in wild
Active exploitation observed
Affected products
Timeline
PublishedApr 28
KEV addedMay 25
KEV dueJun 15
CISA Required Action: Apply updates per vendor instructions.
Description
The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to obtain sensitive information via an unspecified request that uses a different method.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6
Affected Packages1 packages
🔴Vulnerability Details
3GHSA▶
GHSA-vcwg-4772-7rvx: The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4↗2022-05-02
CVEList▶
CVE-2010-1428: The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4↗2010-04-28