CVE-2018-14627: Cleartext Transmission of Sensitive Info in Red Hat WildFly

Severity: 5.9 MEDIUM (NVD); 5.3 (CNA)
EPSS: 0.2% (top 54.43%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline: Published Sep 4; Latest update May 13

Description

The IIOP OpenJDK Subsystem in WildFly before version 14.0.0 does not honour configuration when SSL transport is required. Servers before this version that are configured with the following setting allow clients to create plaintext connections:

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.2 | Impact: 3.6

Affected Packages (1 package)

NVD: redhat/wildfly < 14.0.0

Patches

Vulnerability Details (2)

GHSA: GHSA-x5xm-f46c-5cpq, "The IIOP OpenJDK Subsystem in WildFly before version 14" (2022-05-13)
CVEList: CVE-2018-14627, "The IIOP OpenJDK Subsystem in WildFly before version 14" (2018-09-04)

Vendor Advisories (1)

Red Hat: "JBoss/WildFly: iiop does not honour strict transport confidentiality" (2017-07-19)

Community (1)

Bugzilla: "CVE-2018-14627 JBoss/WildFly: iiop does not honour strict transport confidentiality" (2018-09-03)