Unsecured Server Provisioning Vulnerability in Galleon
CVE-2023-4503

6.8MEDIUM

Key Information:

Vendor: Red Hat
Status: Eap 7.4.14; Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 8; Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 9; Red Hat Jboss Enterprise Application Platform 7.4 On Rhel 7
Vendor: CVE Published:; 6 February 2024

🔔 Create Red Hat Vulnerability Alert

What is CVE-2023-4503?

An improper initialization vulnerability was found in Galleon. When using Galleon to provision custom EAP or EAP-XP servers, the servers are created unsecured. This issue could allow an attacker to access remote HTTP services available from the server.

Affected Version(s)

Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 0:2.2.28-1.SP1_redhat_00001.1.el8eap

Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 0:7.4.14-5.GA_redhat_00002.1.el8eap

Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 0:2.2.28-1.SP1_redhat_00001.1.el9eap

References

https://access.redhat.com/errata/RHSA-2023:7637

vendor-advisoryx_refsource_REDHAT

https://access.redhat.com/errata/RHSA-2023:7638

vendor-advisoryx_refsource_REDHAT

https://access.redhat.com/errata/RHSA-2023:7639

vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 6, 2024
Vulnerability Reserved
Aug 23, 2023

.