Vulnerability Name: | CVE-2019-14838 (CCN-169714) | ||||||||||||
Assigned: | 2019-10-14 | ||||||||||||
Published: | 2019-10-14 | ||||||||||||
Updated: | 2020-10-13 | ||||||||||||
Summary: | A flaw was found in wildfly-core before 7.2.5.GA. The Management users with Monitor, Auditor and Deployer Roles should not be allowed to modify the runtime state of the server | ||||||||||||
CVSS v3 Severity: | 4.9 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N) 4.3 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
5.0 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
| ||||||||||||
CVSS v2 Severity: | 4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N)
| ||||||||||||
Vulnerability Type: | CWE-269 | ||||||||||||
Vulnerability Consequences: | Gain Privileges | ||||||||||||
References: | Source: MITRE Type: CNA CVE-2019-14838 Source: REDHAT Type: Vendor Advisory RHSA-2019:3082 Source: REDHAT Type: Vendor Advisory RHSA-2019:3083 Source: REDHAT Type: Vendor Advisory RHSA-2019:4018 Source: REDHAT Type: Vendor Advisory RHSA-2019:4019 Source: REDHAT Type: Vendor Advisory RHSA-2019:4020 Source: REDHAT Type: Vendor Advisory RHSA-2019:4021 Source: REDHAT Type: Vendor Advisory RHSA-2019:4040 Source: REDHAT Type: Vendor Advisory RHSA-2019:4041 Source: REDHAT Type: Vendor Advisory RHSA-2019:4042 Source: REDHAT Type: Vendor Advisory RHSA-2019:4045 Source: REDHAT Type: Vendor Advisory RHSA-2020:0728 Source: CCN Type: Red Hat Bugzilla Bug 1751227 (CVE-2019-14838) - CVE-2019-14838 wildfly-core: Incorrect privileges for 'Monitor', 'Auditor' and 'Deployer' user by default Source: CONFIRM Type: Issue Tracking, Vendor Advisory https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14838 Source: XF Type: UNKNOWN wildfly-cve201914838-priv-esc(169714) Source: CCN Type: wildfly-core GIT Repository wildfly-core | ||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration 3: Denotes that component is vulnerable | ||||||||||||
BACK |