CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-1732

A flaw was found in Soteria before 1.0.1, in a way that multiple requests occurring concurrently causing security identity corruption across concurrent threads when using EE Security with WildFly Elytron which can lead to the possibility of being handled using the identity from another request.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 34.0%

CVSS Severity

CVSS v3 Score 4.2

CVSS v2 Score 4.9

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1732
https://github.com/wildfly-security/soteria/commit/c2479f8c39d7d661341fdcaff7f5e97c5eea1a54
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1732
https://github.com/wildfly-security/soteria/commit/c2479f8c39d7d661341fdcaff7f5e97c5eea1a54

Products affected by CVE-2020-1732

Redhat » Jboss Enterprise Application Platform » Version: 7.0.0

cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0
Redhat » Jboss Enterprise Application Platform Continuous Delivery » Version: N/A

cpe:2.3:a:redhat:jboss_enterprise_application_platform_continuous_delivery:-
Redhat » Openshift Application Runtimes » Version: N/A

cpe:2.3:a:redhat:openshift_application_runtimes:-
Redhat » Soteria » Version: N/A

cpe:2.3:a:redhat:soteria:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-1732

Products

Pricing

Contact Us