Lucene search

RedhatCVE-2019-14838

HistoryOct 14, 2019 - 3:15 p.m.

CVE-2019-14838

2019-10-1415:15:09

CWE-269

CWE-284

redhat

web.nvd.nist.gov

102

cve-2019-14838

wildfly-core

server management

unauthorized access

security flaw

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

AI Score

Confidence

High

EPSS

0.002

Percentile

60.2%

JSON

A flaw was found in wildfly-core before 7.2.5.GA. The Management users with Monitor, Auditor and Deployer Roles should not be allowed to modify the runtime state of the server

Affected configurations

Nvd

Vulners

Node

redhatwildfly_coreMatch7.0.0-

redhatwildfly_coreMatch7.0.0alpha1

redhatwildfly_coreMatch7.0.0alpha2

redhatwildfly_coreMatch7.0.0alpha3

redhatwildfly_coreMatch7.0.0alpha4

redhatwildfly_coreMatch7.0.0alpha5

redhatwildfly_coreMatch7.0.0beta1

redhatwildfly_coreMatch7.0.0cr1

Node

redhatenterprise_linuxMatch6.0

redhatenterprise_linuxMatch7.0

redhatenterprise_linuxMatch8.0

AND

redhatjboss_enterprise_application_platformMatch7.2.0

redhatjboss_enterprise_application_platformMatch7.2.5

redhatjboss_enterprise_application_platformMatch7.3.0

redhatsingle_sign-onMatch7.3.5

Node

redhatdata_gridMatch7.3.4

redhatjboss_enterprise_application_platformMatch7.2.4

VendorProductVersionCPE
redhatwildfly_core7.0.0cpe:2.3:a:redhat:wildfly_core:7.0.0:-:*:*:*:*:*:*
redhatwildfly_core7.0.0cpe:2.3:a:redhat:wildfly_core:7.0.0:alpha1:*:*:*:*:*:*
redhatwildfly_core7.0.0cpe:2.3:a:redhat:wildfly_core:7.0.0:alpha2:*:*:*:*:*:*
redhatwildfly_core7.0.0cpe:2.3:a:redhat:wildfly_core:7.0.0:alpha3:*:*:*:*:*:*
redhatwildfly_core7.0.0cpe:2.3:a:redhat:wildfly_core:7.0.0:alpha4:*:*:*:*:*:*
redhatwildfly_core7.0.0cpe:2.3:a:redhat:wildfly_core:7.0.0:alpha5:*:*:*:*:*:*
redhatwildfly_core7.0.0cpe:2.3:a:redhat:wildfly_core:7.0.0:beta1:*:*:*:*:*:*
redhatwildfly_core7.0.0cpe:2.3:a:redhat:wildfly_core:7.0.0:cr1:*:*:*:*:*:*
redhatenterprise_linux6.0cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
redhatenterprise_linux7.0cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
redhat	wildfly_core	7.0.0	cpe:2.3:a:redhat:wildfly_core:7.0.0:-::::::
redhat	wildfly_core	7.0.0	cpe:2.3:a:redhat:wildfly_core:7.0.0:alpha1::::::
redhat	wildfly_core	7.0.0	cpe:2.3:a:redhat:wildfly_core:7.0.0:alpha2::::::
redhat	wildfly_core	7.0.0	cpe:2.3:a:redhat:wildfly_core:7.0.0:alpha3::::::
redhat	wildfly_core	7.0.0	cpe:2.3:a:redhat:wildfly_core:7.0.0:alpha4::::::
redhat	wildfly_core	7.0.0	cpe:2.3:a:redhat:wildfly_core:7.0.0:alpha5::::::
redhat	wildfly_core	7.0.0	cpe:2.3:a:redhat:wildfly_core:7.0.0:beta1::::::
redhat	wildfly_core	7.0.0	cpe:2.3:a:redhat:wildfly_core:7.0.0:cr1::::::
redhat	enterprise_linux	6.0	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
redhat	enterprise_linux	7.0	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*

Rows per page:

1-10 of 171

CNA Affected

[
  {
    "product": "wildfly-core",
    "vendor": "Red Hat",
    "versions": [
      {
        "status": "affected",
        "version": "before 7.2.5.GA"
      }
    ]
  }
]