A flaw was found in wildfly-core before 7.2.5.GA. The Management users with Monitor, Auditor and Deployer Roles should not be allowed to modify the runtime state of the server
Metrics
No CVSS v4.0
Attack Vector Network
Attack Complexity Low
Privileges Required High
Scope Unchanged
Confidentiality Impact None
Integrity Impact High
Availability Impact None
User Interaction None
Attack Vector Network
Attack Complexity Low
Privileges Required High
Scope Unchanged
Confidentiality Impact None
Integrity Impact Low
Availability Impact High
User Interaction Required
Access Vector Network
Access Complexity Low
Authentication Single
Confidentiality Impact None
Integrity Impact Partial
Availability Impact None
AV:N/AC:L/Au:S/C:N/I:P/A:N
This CVE is not in the KEV list.
Key SSVC decision points have not yet been added.
Affected Vendors & Products
Vendors | Products |
---|---|
Redhat |
|
Configuration 1 [-]
|
Configuration 2 [-]
AND |
|
Configuration 3 [-]
|
Package | CPE | Advisory | Released Date |
---|---|---|---|
Red Hat Data Grid 7.3.4 | |||
wildfly-core | cpe:/a:redhat:jboss_data_grid:7.3 | RHSA-2020:0728 | 2020-03-05T00:00:00Z |
Red Hat JBoss EAP 7.2 | |||
wildfly-core | cpe:/a:redhat:jboss_enterprise_application_platform:7.2 | RHSA-2019:3083 | 2019-10-15T00:00:00Z |
wildfly-core | cpe:/a:redhat:jboss_enterprise_application_platform:7.2 | RHSA-2019:4021 | 2019-11-26T00:00:00Z |
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6 | |||
eap7-wildfly-0:7.2.4-2.SP1_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2019:3082 | 2019-10-15T00:00:00Z |
eap7-apache-cxf-0:3.2.10-1.redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2019:4018 | 2019-11-26T00:00:00Z |
eap7-byte-buddy-0:1.9.11-1.redhat_00002.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2019:4018 | 2019-11-26T00:00:00Z |
eap7-glassfish-jsf-0:2.3.5-5.SP3_redhat_00003.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2019:4018 | 2019-11-26T00:00:00Z |
eap7-hal-console-0:3.0.17-2.Final_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2019:4018 | 2019-11-26T00:00:00Z |
eap7-hibernate-0:5.3.13-1.Final_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2019:4018 | 2019-11-26T00:00:00Z |
eap7-ironjacamar-0:1.4.18-1.Final_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2019:4018 | 2019-11-26T00:00:00Z |
eap7-jboss-genericjms-0:2.0.2-1.Final_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2019:4018 | 2019-11-26T00:00:00Z |
eap7-jboss-msc-0:1.4.11-1.Final_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2019:4018 | 2019-11-26T00:00:00Z |
eap7-jboss-remoting-0:5.0.16-2.Final_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2019:4018 | 2019-11-26T00:00:00Z |
eap7-jboss-server-migration-0:1.3.1-6.Final_redhat_00006.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2019:4018 | 2019-11-26T00:00:00Z |
eap7-jboss-xnio-base-0:3.7.6-2.SP1_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2019:4018 | 2019-11-26T00:00:00Z |
eap7-picketbox-0:5.0.3-6.Final_redhat_00005.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2019:4018 | 2019-11-26T00:00:00Z |
eap7-picketlink-bindings-0:2.5.5-20.SP12_redhat_00009.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2019:4018 | 2019-11-26T00:00:00Z |
eap7-picketlink-federation-0:2.5.5-20.SP12_redhat_00009.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2019:4018 | 2019-11-26T00:00:00Z |
eap7-resteasy-0:3.6.1-7.SP7_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2019:4018 | 2019-11-26T00:00:00Z |
eap7-undertow-0:2.0.26-2.SP3_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2019:4018 | 2019-11-26T00:00:00Z |
eap7-wildfly-0:7.2.5-4.GA_redhat_00002.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2019:4018 | 2019-11-26T00:00:00Z |
eap7-wildfly-elytron-0:1.6.5-1.Final_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2019:4018 | 2019-11-26T00:00:00Z |
eap7-wildfly-elytron-tool-0:1.4.4-1.Final_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2019:4018 | 2019-11-26T00:00:00Z |
eap7-wildfly-http-client-0:1.0.17-1.Final_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2019:4018 | 2019-11-26T00:00:00Z |
eap7-wildfly-openssl-0:1.0.8-1.Final_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2019:4018 | 2019-11-26T00:00:00Z |
eap7-wildfly-openssl-linux-x86_64-0:1.0.8-5.Final_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2019:4018 | 2019-11-26T00:00:00Z |
eap7-yasson-0:1.0.5-1.redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 | RHSA-2019:4018 | 2019-11-26T00:00:00Z |
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7 | |||
eap7-wildfly-0:7.2.4-2.SP1_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2019:3082 | 2019-10-15T00:00:00Z |
eap7-apache-cxf-0:3.2.10-1.redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2019:4019 | 2019-11-26T00:00:00Z |
eap7-byte-buddy-0:1.9.11-1.redhat_00002.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2019:4019 | 2019-11-26T00:00:00Z |
eap7-glassfish-jsf-0:2.3.5-5.SP3_redhat_00003.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2019:4019 | 2019-11-26T00:00:00Z |
eap7-hal-console-0:3.0.17-2.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2019:4019 | 2019-11-26T00:00:00Z |
eap7-hibernate-0:5.3.13-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2019:4019 | 2019-11-26T00:00:00Z |
eap7-ironjacamar-0:1.4.18-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2019:4019 | 2019-11-26T00:00:00Z |
eap7-jboss-genericjms-0:2.0.2-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2019:4019 | 2019-11-26T00:00:00Z |
eap7-jboss-msc-0:1.4.11-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2019:4019 | 2019-11-26T00:00:00Z |
eap7-jboss-remoting-0:5.0.16-2.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2019:4019 | 2019-11-26T00:00:00Z |
eap7-jboss-server-migration-0:1.3.1-6.Final_redhat_00006.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2019:4019 | 2019-11-26T00:00:00Z |
eap7-jboss-xnio-base-0:3.7.6-2.SP1_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2019:4019 | 2019-11-26T00:00:00Z |
eap7-picketbox-0:5.0.3-6.Final_redhat_00005.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2019:4019 | 2019-11-26T00:00:00Z |
eap7-picketlink-bindings-0:2.5.5-20.SP12_redhat_00009.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2019:4019 | 2019-11-26T00:00:00Z |
eap7-picketlink-federation-0:2.5.5-20.SP12_redhat_00009.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2019:4019 | 2019-11-26T00:00:00Z |
eap7-resteasy-0:3.6.1-7.SP7_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2019:4019 | 2019-11-26T00:00:00Z |
eap7-undertow-0:2.0.26-2.SP3_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2019:4019 | 2019-11-26T00:00:00Z |
eap7-wildfly-0:7.2.5-4.GA_redhat_00002.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2019:4019 | 2019-11-26T00:00:00Z |
eap7-wildfly-elytron-0:1.6.5-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2019:4019 | 2019-11-26T00:00:00Z |
eap7-wildfly-elytron-tool-0:1.4.4-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2019:4019 | 2019-11-26T00:00:00Z |
eap7-wildfly-http-client-0:1.0.17-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2019:4019 | 2019-11-26T00:00:00Z |
eap7-wildfly-openssl-0:1.0.8-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2019:4019 | 2019-11-26T00:00:00Z |
eap7-wildfly-openssl-linux-x86_64-0:1.0.8-5.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2019:4019 | 2019-11-26T00:00:00Z |
eap7-yasson-0:1.0.5-1.redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 | RHSA-2019:4019 | 2019-11-26T00:00:00Z |
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8 | |||
eap7-wildfly-0:7.2.4-2.SP1_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2019:3082 | 2019-10-15T00:00:00Z |
eap7-apache-cxf-0:3.2.10-1.redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2019:4020 | 2019-11-26T00:00:00Z |
eap7-byte-buddy-0:1.9.11-1.redhat_00002.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2019:4020 | 2019-11-26T00:00:00Z |
eap7-glassfish-jsf-0:2.3.5-5.SP3_redhat_00003.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2019:4020 | 2019-11-26T00:00:00Z |
eap7-hal-console-0:3.0.17-2.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2019:4020 | 2019-11-26T00:00:00Z |
eap7-hibernate-0:5.3.13-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2019:4020 | 2019-11-26T00:00:00Z |
eap7-ironjacamar-0:1.4.18-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2019:4020 | 2019-11-26T00:00:00Z |
eap7-jboss-genericjms-0:2.0.2-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2019:4020 | 2019-11-26T00:00:00Z |
eap7-jboss-msc-0:1.4.11-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2019:4020 | 2019-11-26T00:00:00Z |
eap7-jboss-remoting-0:5.0.16-2.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2019:4020 | 2019-11-26T00:00:00Z |
eap7-jboss-server-migration-0:1.3.1-6.Final_redhat_00006.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2019:4020 | 2019-11-26T00:00:00Z |
eap7-jboss-xnio-base-0:3.7.6-2.SP1_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2019:4020 | 2019-11-26T00:00:00Z |
eap7-picketbox-0:5.0.3-6.Final_redhat_00005.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2019:4020 | 2019-11-26T00:00:00Z |
eap7-picketlink-bindings-0:2.5.5-20.SP12_redhat_00009.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2019:4020 | 2019-11-26T00:00:00Z |
eap7-picketlink-federation-0:2.5.5-20.SP12_redhat_00009.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2019:4020 | 2019-11-26T00:00:00Z |
eap7-resteasy-0:3.6.1-7.SP7_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2019:4020 | 2019-11-26T00:00:00Z |
eap7-undertow-0:2.0.26-2.SP3_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2019:4020 | 2019-11-26T00:00:00Z |
eap7-wildfly-0:7.2.5-4.GA_redhat_00002.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2019:4020 | 2019-11-26T00:00:00Z |
eap7-wildfly-elytron-0:1.6.5-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2019:4020 | 2019-11-26T00:00:00Z |
eap7-wildfly-elytron-tool-0:1.4.4-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2019:4020 | 2019-11-26T00:00:00Z |
eap7-wildfly-http-client-0:1.0.17-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2019:4020 | 2019-11-26T00:00:00Z |
eap7-wildfly-openssl-0:1.0.8-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2019:4020 | 2019-11-26T00:00:00Z |
eap7-wildfly-openssl-linux-x86_64-0:1.0.8-5.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2019:4020 | 2019-11-26T00:00:00Z |
eap7-yasson-0:1.0.5-1.redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8 | RHSA-2019:4020 | 2019-11-26T00:00:00Z |
Red Hat JBoss Enterprise Application Platform Continuous Delivery | |||
wildfly-core | cpe:/a:redhat:jboss_enterprise_application_platform_cd:18 | RHSA-2020:2565 | 2020-06-15T00:00:00Z |
Red Hat Single Sign-On 7.3 | |||
wildfly-core | cpe:/a:redhat:jboss_single_sign_on:7.3 | RHSA-2019:4045 | 2019-12-02T00:00:00Z |
Red Hat Single Sign-On 7.3 for RHEL 6 | |||
rh-sso7-keycloak-0:4.8.15-1.Final_redhat_00001.1.el6sso | cpe:/a:redhat:red_hat_single_sign_on:7::el6 | RHSA-2019:4040 | 2019-12-02T00:00:00Z |
Red Hat Single Sign-On 7.3 for RHEL 7 | |||
rh-sso7-keycloak-0:4.8.15-1.Final_redhat_00001.1.el7sso | cpe:/a:redhat:red_hat_single_sign_on:7::el7 | RHSA-2019:4041 | 2019-12-02T00:00:00Z |
Red Hat Single Sign-On 7.3 for RHEL 8 | |||
rh-sso7-keycloak-0:4.8.15-1.Final_redhat_00001.1.el8sso | cpe:/a:redhat:red_hat_single_sign_on:7::el8 | RHSA-2019:4042 | 2019-12-02T00:00:00Z |
Text-Only RHOAR | |||
cpe:/a:redhat:openshift_application_runtimes:1.0 | RHSA-2020:2067 | 2020-05-18T00:00:00Z |
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2019-10-14T14:32:53
Updated: 2024-08-05T00:26:39.125Z
Reserved: 2019-08-10T00:00:00
Link: CVE-2019-14838
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-10-14T15:15:09.710
Modified: 2024-11-21T04:27:28.240
Link: CVE-2019-14838
Redhat