#VU23017 Improper Authorization in WildFly Security Manager - CVE-2019-14843
Published: November 27, 2019
Vulnerability identifier: #VU23017
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2019-14843
CWE-ID: CWE-285
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
WildFly Security Manager
WildFly Security Manager
Software vendor:
Red Hat Inc.
Red Hat Inc.
Description
The vulnerability allows an attacker to gain access to sensitive information.
The vulnerability exists due to improper authorization checks in WidlFly security manager, when running under JDK 11 or 8, that successfully authorizes requests for any requesters . A locally deployed application on the server can gain access to sensitive information.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.