CVE-2020-10714
Published 2020-09-23
High 7.5 (CVSS 3.1)
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| redhat | codeready_studio | — | — |
| redhat | descision_manager | — | — |
| redhat | jboss_fuse | — | — |
| redhat | process_automation | — | — |
| redhat | wildfly_elytron | < 1.11.3 | 1.11.3 |