Main Vulnerability Database Vulnerabilities #VU23017

Improper Authorization in WildFly Security Manager - CVE-2019-14843

Published: November 27, 2019

Vulnerability identifier: #VU23017

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-14843

CWE-ID: CWE-285

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Red Hat Inc.

Affected software:
WildFly Security Manager

Detailed vulnerability description

The vulnerability allows an attacker to gain access to sensitive information.

The vulnerability exists due to improper authorization checks in WidlFly security manager, when running under JDK 11 or 8, that successfully authorizes requests for any requesters . A locally deployed application on the server can gain access to sensitive information.

How to mitigate CVE-2019-14843

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Sources

https://access.redhat.com/errata/RHSA-2019:4018

Improper Authorization in WildFly Security Manager - CVE-2019-14843

Detailed vulnerability description

How to mitigate CVE-2019-14843

Sources

Please verify you're human