Lucene search
RedhatCVELIST:CVE-2023-4503HistoryFeb 06, 2024 - 8:39 a.m.
CVE-2023-4503 Eap-galleon: custom provisioning creates unsecured http-invoker
2024-02-0608:39:01
CWE-665
redhat
www.cve.org
1
improper initialization
eap-galleon
unsecured http-invoker
remote access
6.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
0.001 Low
EPSS
Percentile
30.9%
An improper initialization vulnerability was found in Galleon. When using Galleon to provision custom EAP or EAP-XP servers, the servers are created unsecured. This issue could allow an attacker to access remote HTTP services available from the server.
CNA Affected
[
{
"vendor": "Red Hat",
"product": "EAP 7.4.14",
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"defaultStatus": "unaffected",
"packageName": "eap-galleon",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "eap7-undertow",
"defaultStatus": "affected",
"versions": [
{
"version": "0:2.2.28-1.SP1_redhat_00001.1.el8eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "eap7-wildfly",
"defaultStatus": "affected",
"versions": [
{
"version": "0:7.4.14-5.GA_redhat_00002.1.el8eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "eap7-undertow",
"defaultStatus": "affected",
"versions": [
{
"version": "0:2.2.28-1.SP1_redhat_00001.1.el9eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "eap7-wildfly",
"defaultStatus": "affected",
"versions": [
{
"version": "0:7.4.14-5.GA_redhat_00002.1.el9eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "eap7-undertow",
"defaultStatus": "affected",
"versions": [
{
"version": "0:2.2.28-1.SP1_redhat_00001.1.el7eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "eap7-wildfly",
"defaultStatus": "affected",
"versions": [
{
"version": "0:7.4.14-5.GA_redhat_00002.1.el7eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"packageName": "eap-galleon",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:jbosseapxp"
]
}
]Related
prion
prion
Input validation
2024-02-06 09:15:00
redhatcve
redhatcve
CVE-2023-4503
2023-12-04 17:54:08
nvd
nvd
CVE-2023-4503
2024-02-06 09:15:52
cve
cve
CVE-2023-4503
2024-02-06 09:15:52
nessus
nessus
redhat
redhat
6.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
0.001 Low
EPSS
Percentile
30.9%
Related for CVELIST:CVE-2023-4503