CVE-2020-1748

Severity: 7.5 HIGH
EPSS: 0.3% (top 45.84%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 16; Latest update Feb 15

Description

A flaw was found in all supported versions before wildfly-elytron-1.6.8.Final-redhat-00001, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (5 packages)

Source | Package | Affected versions
NVD | redhat/wildfly_elytron | < 1.6.8.final-redhat-00001
CVEListV5 | wildfly | before wildfly-elytron-1.6.8.Final-redhat-00001

🔴 Vulnerability Details (3)

Source | Title | Date
OSV | Incorrect Authorization in WildFly Elytron | 2022-02-15
GHSA | Incorrect Authorization in WildFly Elytron | 2022-02-15
CVEList | CVE-2020-1748: A flaw was found in all supported versions before wildfly-elytron-1 | 2020-09-16

💥 Exploits & PoCs (1)

Source | Title | Date
Exploit-DB | Complaint Management System 4.0 - 'cid' SQL injection | 2020-01-06

📋 Vendor Advisories (1)

Source | Title | Date
Red Hat | Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain | 2020-08-06

💬 Community (2)

Source | Title | Date
Bugzilla | CVE-2020-25667 ImageMagick: heap-based buffer overflow in TIFFGetProfiles in coders/tiff.c | 2020-10-26
Bugzilla | CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain | 2020-02-27