Lucene search

Veracode Vulnerability DatabaseVERACODE:18669

HistoryMay 02, 2019 - 6:47 a.m.

Information Disclosure

2019-05-0206:47:12

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

JSON

EAP is vulnerable to information disclosure attacks. An attacker could manipulate the component, Configuration File Handler with an unknown input which leads to partially modify data and disclosure of information.

CPENameOperatorVersion
eap7-sun-ws-metadata-2.0-apieq1.0.0__4.MR1_redhat_8.1.ep7.el6
eap7-sun-ws-metadata-2.0-apieq1.0.0__4.MR1_redhat_8.1.ep7.el7
eap7-httpcomponents-clienteq4.5.0__1.redhat_1.1.ep7.el6
eap7-httpcomponents-clienteq4.5.0__1.redhat_1.1.ep7.el7
eap7-sun-saaj-1.3-impleq1.3.16__15.SP1_redhat_6.1.ep7.el6
eap7-sun-saaj-1.3-impleq1.3.16__15.SP1_redhat_6.1.ep7.el7
eap7-artemis-wildfly-integrationeq1.0.2__1.redhat_1.1.ep7.el7
eap7-artemis-wildfly-integrationeq1.0.2__1.redhat_1.1.ep7.el6
eap7-jboss-concurrency-api_1.0_speceq1.0.0__1.Final_redhat_1.1.ep7.el6
eap7-jboss-concurrency-api_1.0_speceq1.0.0__1.Final_redhat_1.1.ep7.el7

Name	Operator	Version
eap7-sun-ws-metadata-2.0-api	eq	1.0.0__4.MR1_redhat_8.1.ep7.el6
eap7-sun-ws-metadata-2.0-api	eq	1.0.0__4.MR1_redhat_8.1.ep7.el7
eap7-httpcomponents-client	eq	4.5.0__1.redhat_1.1.ep7.el6
eap7-httpcomponents-client	eq	4.5.0__1.redhat_1.1.ep7.el7
eap7-sun-saaj-1.3-impl	eq	1.3.16__15.SP1_redhat_6.1.ep7.el6
eap7-sun-saaj-1.3-impl	eq	1.3.16__15.SP1_redhat_6.1.ep7.el7
eap7-artemis-wildfly-integration	eq	1.0.2__1.redhat_1.1.ep7.el7
eap7-artemis-wildfly-integration	eq	1.0.2__1.redhat_1.1.ep7.el6
eap7-jboss-concurrency-api_1.0_spec	eq	1.0.0__1.Final_redhat_1.1.ep7.el6
eap7-jboss-concurrency-api_1.0_spec	eq	1.0.0__1.Final_redhat_1.1.ep7.el7

Rows per page:

1-10 of 4821

References

www.securityfocus.com/bid/100903

access.redhat.com/documentation/en/jboss-enterprise-application-platform/

access.redhat.com/errata/RHSA-2017:3454

access.redhat.com/errata/RHSA-2017:3455

access.redhat.com/errata/RHSA-2017:3456

access.redhat.com/errata/RHSA-2017:3458

access.redhat.com/errata/RHSA-2018:0002

access.redhat.com/errata/RHSA-2018:0003

access.redhat.com/errata/RHSA-2018:0004

access.redhat.com/errata/RHSA-2018:0005

access.redhat.com/security/updates/classification/#important

bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12167

issues.jboss.org/browse/JBEAP-5322

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

JSON

Related for VERACODE:18669