Information Exposure in JBoss EAP by Red Hat
CVE-2019-14885

5.4MEDIUM

Key Information:

Vendor: Red Hat
Status: Jboss Eap
Vendor: CVE Published:; 23 January 2020

Summary

A security flaw in the JBoss EAP Vault system allows for the inadvertent disclosure of sensitive system property security attribute values. When executing a JBoss CLI 'reload' command, confidential information is logged, potentially exposing it to unauthorized access. This issue exists in all versions prior to 7.2.6.GA, impacting the confidentiality of sensitive data within the JBoss EAP environment.

Affected Version(s)

JBoss EAP All versions before 7.2.6.GA

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14885

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 23, 2020
Vulnerability Reserved
Aug 10, 2019