CVE-2019-10184 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
redhat	CNA	5.3 MEDIUM	NETWORK	LOW	NONE	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 71%

Affected Products (NVD)

Vendor	Product	Version
redhat	undertow	𝑥 < 2.0.23
redhat	jboss_data_grid	-
redhat	jboss_enterprise_application_platform	-
redhat	jboss_enterprise_application_platform	7.0.0
redhat	openshift_application_runtimes	-
redhat	openshift_application_runtimes	1.0
redhat	single_sign-on	-
redhat	single_sign-on	7.0
redhat	jboss_enterprise_application_platform	7.2
redhat	jboss_enterprise_application_platform	7.3
redhat	jboss_enterprise_application_platform	7.4
redhat	jboss_enterprise_application_platform	7.2
redhat	jboss_enterprise_application_platform	7.3
redhat	jboss_enterprise_application_platform	7.4
redhat	jboss_enterprise_application_platform	7.2
redhat	jboss_enterprise_application_platform	7.3
redhat	single_sign-on	7.3
redhat	single_sign-on	7.3
redhat	single_sign-on	7.3
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

undertow

sid	2.3.8-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

undertow

bionic	needed
disco	ignored
eoan	Fixed 2.0.23-1 released
focal	Fixed 2.0.23-1 released
groovy	Fixed 2.0.23-1 released
hirsute	Fixed 2.0.23-1 released
impish	Fixed 2.0.23-1 released
jammy	Fixed 2.0.23-1 released
kinetic	Fixed 2.0.23-1 released
lunar	dne
mantic	dne
noble	needs-triage
trusty	dne
xenial	needed

Common Weakness Enumeration

CWE-862 - Missing Authorization
The software does not perform an authorization check when an actor attempts to access a resource or perform an action.

References

https://access.redhat.com/errata/RHSA-2019:2935

https://access.redhat.com/errata/RHSA-2019:2936

https://access.redhat.com/errata/RHSA-2019:2937

https://access.redhat.com/errata/RHSA-2019:2938

https://access.redhat.com/errata/RHSA-2019:2998

https://access.redhat.com/errata/RHSA-2019:3044

https://access.redhat.com/errata/RHSA-2019:3045

https://access.redhat.com/errata/RHSA-2019:3046

https://access.redhat.com/errata/RHSA-2019:3050

https://access.redhat.com/errata/RHSA-2020:0727

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10184

https://github.com/undertow-io/undertow/pull/794

https://security.netapp.com/advisory/ntap-20220210-0016/

https://access.redhat.com/errata/RHSA-2019:2935

https://access.redhat.com/errata/RHSA-2019:2936

https://access.redhat.com/errata/RHSA-2019:2937

https://access.redhat.com/errata/RHSA-2019:2938

https://access.redhat.com/errata/RHSA-2019:2998

https://access.redhat.com/errata/RHSA-2019:3044

https://access.redhat.com/errata/RHSA-2019:3045

https://access.redhat.com/errata/RHSA-2019:3046

https://access.redhat.com/errata/RHSA-2019:3050

https://access.redhat.com/errata/RHSA-2020:0727

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10184

https://github.com/undertow-io/undertow/pull/794

https://security.netapp.com/advisory/ntap-20220210-0016/