Lucene search

Veracode Vulnerability DatabaseVERACODE:25389

HistoryMay 13, 2020 - 3:23 a.m.

Privilege Escalation

2020-05-1303:23:39

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

5.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

JSON

wildfly is vulnerable to privilege escalation. The vulnerability exists as the EJBContext principal is not popped back after invoking another EJB using a different Security Domain.

CPENameOperatorVersion
eap7-jgroups-kuberneteseq1.0.6__1.Final_redhat_2.1.el7eap
eap7-jgroups-kuberneteseq1.0.6__1.Final_redhat_2.1.el8eap
eap7-jgroups-kuberneteseq1.0.6__1.Final_redhat_2.1.el6eap
eap7-jboss-ejb-api_3.2_speceq1.0.1__1.Final_redhat_1.1.el6eap
eap7-jboss-ejb-api_3.2_speceq1.0.1__1.Final_redhat_1.1.el7eap
eap7-jboss-ejb-api_3.2_speceq1.0.0__3.Final_redhat_1.1.ep7.el7
eap7-jboss-ejb-api_3.2_speceq1.0.0__3.Final_redhat_1.1.ep7.el6
eap7-jboss-ejb-api_3.2_speceq1.0.0__1.Final_redhat_1.1.ep7.el6
eap7-jboss-ejb-api_3.2_speceq1.0.1__1.Final_redhat_1.1.el8eap
eap7-jboss-ejb-api_3.2_speceq1.0.0__1.Final_redhat_1.1.ep7.el7

Name	Operator	Version
eap7-jgroups-kubernetes	eq	1.0.6__1.Final_redhat_2.1.el7eap
eap7-jgroups-kubernetes	eq	1.0.6__1.Final_redhat_2.1.el8eap
eap7-jgroups-kubernetes	eq	1.0.6__1.Final_redhat_2.1.el6eap
eap7-jboss-ejb-api_3.2_spec	eq	1.0.1__1.Final_redhat_1.1.el6eap
eap7-jboss-ejb-api_3.2_spec	eq	1.0.1__1.Final_redhat_1.1.el7eap
eap7-jboss-ejb-api_3.2_spec	eq	1.0.0__3.Final_redhat_1.1.ep7.el7
eap7-jboss-ejb-api_3.2_spec	eq	1.0.0__3.Final_redhat_1.1.ep7.el6
eap7-jboss-ejb-api_3.2_spec	eq	1.0.0__1.Final_redhat_1.1.ep7.el6
eap7-jboss-ejb-api_3.2_spec	eq	1.0.1__1.Final_redhat_1.1.el8eap
eap7-jboss-ejb-api_3.2_spec	eq	1.0.0__1.Final_redhat_1.1.ep7.el7

Rows per page:

1-10 of 11451

References

access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/

access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/

access.redhat.com/errata/RHSA-2020:2060

access.redhat.com/security/updates/classification/#important

bugzilla.redhat.com/show_bug.cgi?id=1796617

issues.redhat.com/browse/JBEAP-18071

issues.redhat.com/browse/JBEAP-18267

issues.redhat.com/browse/JBEAP-18278

issues.redhat.com/browse/JBEAP-18423

issues.redhat.com/browse/JBEAP-18438

issues.redhat.com/browse/JBEAP-18503

issues.redhat.com/browse/JBEAP-18506

issues.redhat.com/browse/JBEAP-18536

issues.redhat.com/browse/JBEAP-18595

issues.redhat.com/browse/JBEAP-18616

issues.redhat.com/browse/JBEAP-18628

issues.redhat.com/browse/JBEAP-18631

issues.redhat.com/browse/JBEAP-18639

issues.redhat.com/browse/JBEAP-18646

issues.redhat.com/browse/JBEAP-18652

issues.redhat.com/browse/JBEAP-18664

issues.redhat.com/browse/JBEAP-18724

issues.redhat.com/browse/JBEAP-18729

issues.redhat.com/browse/JBEAP-18787

issues.redhat.com/browse/JBEAP-18789

issues.redhat.com/browse/JBEAP-18817

issues.redhat.com/browse/JBEAP-18827

issues.redhat.com/browse/JBEAP-18835

issues.redhat.com/browse/JBEAP-18885

issues.redhat.com/browse/JBEAP-18887

issues.redhat.com/browse/JBEAP-18931

issues.redhat.com/browse/JBEAP-18988

issues.redhat.com/browse/JBEAP-18989

issues.redhat.com/browse/JBEAP-19233

issues.redhat.com/browse/JBEAP-19234

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

5.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

JSON

Related for VERACODE:25389