Vulnerability Details CVE-2019-14887
A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the Wildfly configuration isn't honored. An attacker could target the traffic sent from Wildfly and downgrade the connection to a weaker version of TLS, potentially breaking the encryption. This could lead to a leak of the data being passed over the network. Wildfly version 7.2.0.GA, 7.2.3.GA and 7.2.5.CR2 are believed to be vulnerable.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 40.0%
CVSS Severity
CVSS v3 Score 7.4
CVSS v2 Score 6.4
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14887
- https://issues.redhat.com/browse/JBEAP-17965
- https://security.netapp.com/advisory/ntap-20200327-0007/
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14887
- https://issues.redhat.com/browse/JBEAP-17965
- https://security.netapp.com/advisory/ntap-20200327-0007/
Products affected by CVE-2019-14887
-
cpe:2.3:a:redhat:jboss_data_grid:7.0.0
-
cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0
-
cpe:2.3:a:redhat:jboss_fuse:7.0.0
-
cpe:2.3:a:redhat:openshift_application_runtimes:-
-
cpe:2.3:a:redhat:single_sign-on:7.0
-
cpe:2.3:a:redhat:wildfly:7.2.0
-
cpe:2.3:a:redhat:wildfly:7.2.3
-
cpe:2.3:a:redhat:wildfly:7.2.5