CVE-2019-14838

CWE-284 — Improper Access Control CWE-269 — Improper Privilege Management6 documents6 sources

Severity

4.9MEDIUM

EPSS

0.4%

top 40.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

RED HAT Wildfly-core Redhat Data Grid Redhat Jboss Enterprise Application Platform +2 more

Timeline

PublishedOct 14

Latest updateMay 24

Description

A flaw was found in wildfly-core before 7.2.5.GA. The Management users with Monitor, Auditor and Deployer Roles should not be allowed to modify the runtime state of the server

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages6 packages

▶Mavenorg.wildfly.core:wildfly-host-controller< 7.2.5.GA

▶NVDredhat/wildfly_core7.0.0

▶CVEListV5red_hat/wildfly-corebefore 7.2.5.GA

▶NVDredhat/data_grid7.3.4

▶NVDredhat/single_sign-on7.3.5

🔴Vulnerability Details

OSV

Wildfly Authorization Misconfiguration↗2022-05-24

▶

GHSA

Wildfly Authorization Misconfiguration↗2022-05-24

▶

CVEList

CVE-2019-14838: A flaw was found in wildfly-core before 7↗2019-10-14

▶

📋Vendor Advisories

Red Hat

wildfly-core: Incorrect privileges for 'Monitor', 'Auditor' and 'Deployer' user by default↗2019-10-11

▶

💬Community

Bugzilla

CVE-2019-14838 wildfly-core: Incorrect privileges for 'Monitor', 'Auditor' and 'Deployer' user by default↗2019-09-11

▶