CVE-2019-14885 — Log File Information Exposure in Red Hat JBoss Enterprise Application Platform
Severity
4.3 MEDIUM (NVD)
EPSS
0.3%
top 44.62%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jan 23
Latest update: May 24
Description
A flaw was found in the JBoss EAP Vault system in all versions before 7.2.6.GA. Confidential information of the system property's security attribute value is revealed in the JBoss EAP log file when executing a JBoss CLI 'reload' command. This flaw can lead to the exposure of confidential information.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.8 | Impact: 1.4
Affected Packages: 3 packages
Vulnerability Details
Vendor Advisories: Red Hat
Community: Bugzilla
CVE-2019-14885 JBoss EAP: Vault system property security attribute value is revealed on CLI 'reload' command (2019-11-11)