Unsecured Server Provisioning Vulnerability in Galleon
CVE-2023-4503

6.8MEDIUM

What is CVE-2023-4503?

An improper initialization vulnerability was found in Galleon. When using Galleon to provision custom EAP or EAP-XP servers, the servers are created unsecured. This issue could allow an attacker to access remote HTTP services available from the server.

Affected Version(s)

Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 0:2.2.28-1.SP1_redhat_00001.1.el8eap

Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 0:7.4.14-5.GA_redhat_00002.1.el8eap

Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 0:2.2.28-1.SP1_redhat_00001.1.el9eap

References

CVSS V3.1

Score:
6.8
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.