History: Oct 17, 2022 - 4:15 p.m.

CVE-2019-14841

2022-10-17 16:15:15
CWE-281
redhat
web.nvd.nist.gov

CVSS3: 8.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score: 8.6
Confidence: High

EPSS: 0.001
Percentile: 37.0%

A flaw was found in the RHDM, where an authenticated attacker can change their assigned role in the response header. This flaw allows an attacker to gain admin privileges in the Business Central Console.

Affected configurations

Node: redhat decision_manager (Match 7.0) OR redhat process_automation (Match 7.0)

| Vendor | Product | Version | CPE |
|---|---|---|---|
| redhat | decision_manager | 7.0 | cpe:2.3:a:redhat:decision_manager:7.0:*:*:*:*:*:*:* |
| redhat | process_automation | 7.0 | cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:* |

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "Business-central",
    "versions": [
      {
        "version": "Business-central as shipped in RHDM 7 and RHPAM 7",
        "status": "affected"
      }
    ]
  }
]
