Lucene search

Veracode Vulnerability DatabaseVERACODE:22358

HistoryJan 24, 2020 - 12:24 a.m.

Information Disclosure

2020-01-2400:24:56

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

JSON

jboss-cli is vulnerable to information disclosure. The vulnerability exists as the JBoss EAP Vault system property security attribute value is revealed on CLI ‘reload’ command.

CPENameOperatorVersion
eap7-jboss-server-migrationeq1.3.1__3.Final_redhat_00003.1.el8eap
eap7-jboss-server-migrationeq1.3.1__4.Final_redhat_00004.1.el6eap
eap7-jboss-server-migrationeq1.3.1__3.Final_redhat_00003.1.el7eap
eap7-jboss-server-migrationeq1.0.6__3.Final_redhat_3.1.ep7.el7
eap7-jboss-server-migrationeq1.0.3__4.Final_redhat_4.1.ep7.el7
eap7-jboss-server-migrationeq1.3.1__2.Final_redhat_00002.1.el8eap
eap7-jboss-server-migrationeq1.3.1__6.Final_redhat_00006.1.el8eap
eap7-jboss-server-migrationeq1.3.1__4.Final_redhat_00004.1.el7eap
eap7-jboss-server-migrationeq1.0.4__1.Final_redhat_1.1.ep7.el7
eap7-jboss-server-migrationeq1.3.0__5.Final_redhat_00003.1.el7eap

Name	Operator	Version
eap7-jboss-server-migration	eq	1.3.1__3.Final_redhat_00003.1.el8eap
eap7-jboss-server-migration	eq	1.3.1__4.Final_redhat_00004.1.el6eap
eap7-jboss-server-migration	eq	1.3.1__3.Final_redhat_00003.1.el7eap
eap7-jboss-server-migration	eq	1.0.6__3.Final_redhat_3.1.ep7.el7
eap7-jboss-server-migration	eq	1.0.3__4.Final_redhat_4.1.ep7.el7
eap7-jboss-server-migration	eq	1.3.1__2.Final_redhat_00002.1.el8eap
eap7-jboss-server-migration	eq	1.3.1__6.Final_redhat_00006.1.el8eap
eap7-jboss-server-migration	eq	1.3.1__4.Final_redhat_00004.1.el7eap
eap7-jboss-server-migration	eq	1.0.4__1.Final_redhat_1.1.ep7.el7
eap7-jboss-server-migration	eq	1.3.0__5.Final_redhat_00003.1.el7eap

Rows per page:

1-10 of 140641

References

access.redhat.com/errata/RHSA-2020:0161

access.redhat.com/security/updates/classification/#important

bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14885

issues.redhat.com/browse/JBEAP-17491

issues.redhat.com/browse/JBEAP-17541

issues.redhat.com/browse/JBEAP-17651

issues.redhat.com/browse/JBEAP-17652

issues.redhat.com/browse/JBEAP-17666

issues.redhat.com/browse/JBEAP-17773

issues.redhat.com/browse/JBEAP-17779

issues.redhat.com/browse/JBEAP-17789

issues.redhat.com/browse/JBEAP-17805

issues.redhat.com/browse/JBEAP-17836

issues.redhat.com/browse/JBEAP-17837

issues.redhat.com/browse/JBEAP-17887

issues.redhat.com/browse/JBEAP-17898

issues.redhat.com/browse/JBEAP-17905

issues.redhat.com/browse/JBEAP-17906

issues.redhat.com/browse/JBEAP-17940

issues.redhat.com/browse/JBEAP-17945

issues.redhat.com/browse/JBEAP-17974

issues.redhat.com/browse/JBEAP-17998

issues.redhat.com/browse/JBEAP-18169

issues.redhat.com/browse/JBEAP-18170

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

JSON

Related for VERACODE:22358