CVE-2019-14839

CWE-200 — Information Exposure5 documents5 sources

Severity

7.5HIGH

EPSS

0.3%

top 49.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Business-central Redhat Descision Manager Redhat Process Automation

Timeline

PublishedApr 1

Latest updateApr 3

Description

It was observed that while login into Business-central console, HTTP request discloses sensitive information like username and password when intercepted using some tool like burp suite etc.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶NVDredhat/business-central7.48.0

▶CVEListV5business-centralversions up to and including business-central-webapp-7.48.0

▶NVDredhat/descision_manager7.0

▶NVDredhat/process_automation7.0

🔴Vulnerability Details

GHSA

GHSA-rp4p-25j3-mhw4: It was observed that while login into Business-central console, HTTP request discloses sensitive information like username and password when intercept↗2022-04-03

▶

CVEList

CVE-2019-14839: It was observed that while login into Business-central console, HTTP request discloses sensitive information like username and password when intercept↗2022-04-01

▶

📋Vendor Advisories

Red Hat

Business-central: HTTP Request interception disclose sensitive information like username and password↗2021-05-31

▶

💬Community

Bugzilla

CVE-2019-14839 Business-central: HTTP Request interception disclose sensitive information like username and password↗2019-09-03

▶