A flaw was found in Wildfly Security Manager, running under JDK 11 or 8, that authorized requests for any requester. This flaw could be used by a malicious app deployed on the app server to access unauthorized information and possibly conduct further attacks. Versions shipped with Red Hat Jboss EAP 7 and Red Hat SSO 7 are vulnerable to this issue.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HRed Hat Jboss Enterprise Application Platform
APPRedhat7.2.0Red Hat Single Sign On
APPRedhat7.3
Powiązane podatności
In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the...
Brak walidacji nagłówka Host w serwerze Undertow HTTP
Keycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerabili...
A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the ...
A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would perm...