Vulnerability Details CVE-2019-14838
A flaw was found in wildfly-core before 7.2.5.GA. The Management users with Monitor, Auditor and Deployer Roles should not be allowed to modify the runtime state of the server
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 59.8%
CVSS Severity
CVSS v3 Score 5.2
CVSS v2 Score 4.0
References
- https://access.redhat.com/errata/RHSA-2019:3082
- https://access.redhat.com/errata/RHSA-2019:3083
- https://access.redhat.com/errata/RHSA-2019:4018
- https://access.redhat.com/errata/RHSA-2019:4019
- https://access.redhat.com/errata/RHSA-2019:4020
- https://access.redhat.com/errata/RHSA-2019:4021
- https://access.redhat.com/errata/RHSA-2019:4040
- https://access.redhat.com/errata/RHSA-2019:4041
- https://access.redhat.com/errata/RHSA-2019:4042
- https://access.redhat.com/errata/RHSA-2019:4045
- https://access.redhat.com/errata/RHSA-2020:0728
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14838
- https://access.redhat.com/errata/RHSA-2019:3082
- https://access.redhat.com/errata/RHSA-2019:3083
- https://access.redhat.com/errata/RHSA-2019:4018
- https://access.redhat.com/errata/RHSA-2019:4019
- https://access.redhat.com/errata/RHSA-2019:4020
- https://access.redhat.com/errata/RHSA-2019:4021
- https://access.redhat.com/errata/RHSA-2019:4040
- https://access.redhat.com/errata/RHSA-2019:4041
- https://access.redhat.com/errata/RHSA-2019:4042
- https://access.redhat.com/errata/RHSA-2019:4045
- https://access.redhat.com/errata/RHSA-2020:0728
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14838
Products affected by CVE-2019-14838
-
cpe:2.3:a:redhat:data_grid:7.3.4
-
cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2.0
-
cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2.4
-
cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2.5
-
cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3.0
-
cpe:2.3:a:redhat:single_sign-on:7.3.5
-
cpe:2.3:a:redhat:wildfly_core:7.0.0
-
cpe:2.3:o:redhat:enterprise_linux:6.0
-
cpe:2.3:o:redhat:enterprise_linux:7.0
-
cpe:2.3:o:redhat:enterprise_linux:8.0