Authorization Flaw in WildFly Security Manager Affects Red Hat JBoss EAP and SSO
CVE-2019-14843
7.5 HIGH
Summary
An authorization flaw exists in WildFly Security Manager when it runs on JDK 8 or JDK 11: the manager can authorize a request regardless of who the requester is, so a permission check that should have denied a caller may instead pass. A malicious application deployed on the same application server can exploit this to access sensitive information, and that access may serve as a foothold for further attacks. The attacker must already be able to run or deploy an application on the server, which is why the CVSS vector rates Privileges Required as Low rather than None. Red Hat JBoss EAP 7 and Red Hat SSO 7 ship the affected component.
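The property the advisory says is broken ("any requester can authorize requests") is that a permission check must fail for a caller whose protection domain has not been granted the permission. The harness below is an added illustration, not WildFly or Red Hat code and not a reproduction of the CVE-2019-14843 defect; the class names `SecurityManagerProbe`, `DelegatingSecurityManager` and `PermissiveSecurityManager` are hypothetical. It runs a check under an `AccessControlContext` containing only an empty-permission `ProtectionDomain` and reports whether the manager denied it, so a manager that authorizes every requester is detected without installing it via `System.setSecurityManager`.

```java
import java.security.AccessControlContext;
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.Permission;
import java.security.Permissions;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;

/**
 * Illustrative harness (hypothetical, not WildFly code): checks that a
 * SecurityManager denies a permission to a requester whose ProtectionDomain
 * was never granted it. A manager for which denies() returns false lets
 * any requester authorize its own request, the failure mode the advisory
 * describes (this does not reproduce the actual CVE-2019-14843 code path).
 */
public class SecurityManagerProbe {

    /** Hypothetical manager that correctly defers to the access controller. */
    static final class DelegatingSecurityManager extends SecurityManager {
        @Override
        public void checkPermission(Permission perm) {
            // Correct: the decision is derived from every ProtectionDomain
            // on the caller's stack plus any inherited/limited context.
            AccessController.checkPermission(perm);
        }
    }

    /** Hypothetical broken manager: authorizes whatever it is asked. */
    static final class PermissiveSecurityManager extends SecurityManager {
        @Override
        public void checkPermission(Permission perm) {
            // Wrong: returns normally for every requester and permission.
        }
    }

    /**
     * Runs sm.checkPermission(perm) inside a context that contains only a
     * static ProtectionDomain with no permissions at all. Because that
     * domain cannot imply anything, a correct manager must throw
     * AccessControlException; returning normally means the requester was
     * authorized although it holds no grant.
     */
    static boolean denies(SecurityManager sm, Permission perm) {
        // null CodeSource + empty Permissions => static domain, policy not consulted
        ProtectionDomain noGrants = new ProtectionDomain(null, new Permissions());
        AccessControlContext restricted =
                new AccessControlContext(new ProtectionDomain[] { noGrants });
        try {
            AccessController.doPrivileged((PrivilegedAction<Void>) () -> {
                sm.checkPermission(perm);
                return null;
            }, restricted);
            return false; // check passed: an ungranted requester was authorized
        } catch (AccessControlException e) {
            return true;  // denied, as an authorization check must
        }
    }

    public static void main(String[] args) {
        Permission probe = new RuntimePermission("setIO");
        System.out.println("delegating manager denies ungranted caller: "
                + denies(new DelegatingSecurityManager(), probe));
        System.out.println("permissive manager denies ungranted caller: "
                + denies(new PermissiveSecurityManager(), probe));
    }
}
```

Run with `javac SecurityManagerProbe.java && java SecurityManagerProbe` on JDK 8 or 11, the releases named in the advisory; on JDK 17 and later `SecurityManager` is deprecated and compilation emits warnings, but the probe still runs because it never installs the manager. The same pattern, pointed at the manager an application server actually installs, is a cheap regression check that a permission denial is still enforced after an upgrade.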
Affected Version(s)
wildfly-security-manager, as shipped with Red Hat JBoss EAP 7 and Red Hat SSO 7
CVSS v3.1
Score: 7.5 (HIGH)
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High