CVE-2019-14838
14.10.2019, 15:15
A flaw was found in wildfly-core before 7.2.5.GA. Management users with the Monitor, Auditor and Deployer roles should not be allowed to modify the runtime state of the server.
Vendor | Product | Version |
---|---|---|
redhat | wildfly_core | 7.0.0 |
redhat | wildfly_core | 7.0.0:alpha1 |
redhat | wildfly_core | 7.0.0:alpha2 |
redhat | wildfly_core | 7.0.0:alpha3 |
redhat | wildfly_core | 7.0.0:alpha4 |
redhat | wildfly_core | 7.0.0:alpha5 |
redhat | wildfly_core | 7.0.0:beta1 |
redhat | wildfly_core | 7.0.0:cr1 |
redhat | jboss_enterprise_application_platform | 7.2.0 |
redhat | jboss_enterprise_application_platform | 7.2.5 |
redhat | jboss_enterprise_application_platform | 7.3.0 |
redhat | single_sign-on | 7.3.5 |
redhat | data_grid | 7.3.4 |
redhat | jboss_enterprise_application_platform | 7.2.4 |
Common Weakness Enumeration
- CWE-284 - Improper Access Control: The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
- CWE-269 - Improper Privilege Management: The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
References