CVE-2019-14838

medium

Description

A flaw was found in wildfly-core before 7.2.5.GA. Management users with the Monitor, Auditor, and Deployer roles should not be allowed to modify the runtime state of the server.

References

https://access.redhat.com/errata/RHSA-2019:3082

https://access.redhat.com/errata/RHSA-2019:3083

https://access.redhat.com/errata/RHSA-2019:4018

https://access.redhat.com/errata/RHSA-2019:4019

https://access.redhat.com/errata/RHSA-2019:4020

https://access.redhat.com/errata/RHSA-2019:4021

https://access.redhat.com/errata/RHSA-2019:4040

https://access.redhat.com/errata/RHSA-2019:4041

https://access.redhat.com/errata/RHSA-2019:4042

https://access.redhat.com/errata/RHSA-2019:4045

https://access.redhat.com/errata/RHSA-2020:0728

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14838

Details

Source: MITRE

Published: 2019-10-14

Updated: 2020-10-13

Type: CWE-269

Risk Information

CVSS v2

Base Score: 4

Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 8

Severity: MEDIUM

CVSS v3

Base Score: 4.9

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Impact Score: 3.6

Exploitability Score: 1.2

Severity: MEDIUM

Tenable Plugins (9 total)

ID     | Name                                                                                                | Product | Family                        | Severity
132314 | Red Hat JBoss Enterprise Application Platform 7.x < 7.2.5 Multiple Vulnerabilities                  | Nessus  | CGI abuses                    | high
132313 | Red Hat JBoss Enterprise Application Platform 7.x < 7.2.4 Authorization Bypass                      | Nessus  | CGI abuses                    | medium
131529 | RHEL 8 : Red Hat Single Sign-On 7.3.5 (RHSA-2019:4042) (Ping Flood) (Reset Flood) (Settings Flood)  | Nessus  | Red Hat Local Security Checks | high
131528 | RHEL 7 : Red Hat Single Sign-On 7.3.5 (RHSA-2019:4041) (Ping Flood) (Reset Flood) (Settings Flood)  | Nessus  | Red Hat Local Security Checks | high
131527 | RHEL 6 : Red Hat Single Sign-On 7.3.5 (RHSA-2019:4040) (Ping Flood) (Reset Flood) (Settings Flood)  | Nessus  | Red Hat Local Security Checks | high
131524 | RHEL 8 : JBoss EAP (RHSA-2019:4020) (Data Dribble) (Ping Flood) (Reset Flood) (Settings Flood)      | Nessus  | Red Hat Local Security Checks | high
131523 | RHEL 7 : JBoss EAP (RHSA-2019:4019) (Data Dribble) (Ping Flood) (Reset Flood) (Settings Flood)      | Nessus  | Red Hat Local Security Checks | high
131522 | RHEL 6 : JBoss EAP (RHSA-2019:4018) (Data Dribble) (Ping Flood) (Reset Flood) (Settings Flood)      | Nessus  | Red Hat Local Security Checks | high
129991 | RHEL 6 / 7 / 8 : JBoss EAP (RHSA-2019:3082)                                                         | Nessus  | Red Hat Local Security Checks | medium