CVE-2020-1719 — Privilege Context Switching Error in Redhat Wildfly

CWE-270 — Privilege Context Switching Error7 documents6 sources

Severity

5.4MEDIUMNVD

EPSS

0.1%

top 68.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Wildfly

Timeline

PublishedJun 7

Latest updateJun 8

Description

A flaw was found in wildfly. The EJBContext principle is not popped back after invoking another EJB using a different Security Domain. The highest threat from this vulnerability is to data confidentiality and integrity. Versions before wildfly 20.0.0.Final are affected.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages2 packages

▶NVDredhat/wildfly< 20.0.0

▶CVEListV5redhat/wildflywildfly 20.0.0.Final

🔴Vulnerability Details

GHSA

Privilege Context Switching Error in wildlfy↗2021-06-08

▶

OSV

Privilege Context Switching Error in wildlfy↗2021-06-08

▶

CVEList

CVE-2020-1719: A flaw was found in wildfly↗2021-06-07

▶

📋Vendor Advisories

Red Hat

Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain↗2019-06-18

▶

💬Community

Bugzilla

CVE-2020-27758 ImageMagick: outside the range of representable values of type 'unsigned long long' at coders/txt.c↗2020-11-03

▶

Bugzilla

CVE-2020-1719 Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain↗2020-01-30

▶