Description
A flaw was found in wildfly-core before 7.2.5.GA. Management users with the Monitor, Auditor and Deployer roles should not be allowed to modify the runtime state of the server.
CVSS breakdown
CVSS 3.0
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: Required
- Scope: Unchanged
- Confidentiality: None
- Integrity: Low
- Availability: High
Affected products
- Red Hat / wildfly-core – before 7.2.5.GA
References
- MISC: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14838
- VENDOR_ADVISORY: https://access.redhat.com/errata/RHSA-2019:3083
- VENDOR_ADVISORY: https://access.redhat.com/errata/RHSA-2019:3082
- VENDOR_ADVISORY: https://access.redhat.com/errata/RHSA-2019:4018
- VENDOR_ADVISORY: https://access.redhat.com/errata/RHSA-2019:4019
- VENDOR_ADVISORY: https://access.redhat.com/errata/RHSA-2019:4021
- VENDOR_ADVISORY: https://access.redhat.com/errata/RHSA-2019:4020
- VENDOR_ADVISORY: https://access.redhat.com/errata/RHSA-2019:4045
- VENDOR_ADVISORY: https://access.redhat.com/errata/RHSA-2019:4042
- VENDOR_ADVISORY: https://access.redhat.com/errata/RHSA-2019:4040
- VENDOR_ADVISORY: https://access.redhat.com/errata/RHSA-2019:4041
- VENDOR_ADVISORY: https://access.redhat.com/errata/RHSA-2020:0728