Information disclosure in JBoss Enterprise Application Platform - CVE-2019-14885

Published: January 23, 2020 / Updated: July 17, 2020


Vulnerability identifier: #VU30430
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2019-14885
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Red Hat Inc.
Affected software:
JBoss Enterprise Application Platform

Detailed vulnerability description

The vulnerability allows a remote authenticated user to gain access to sensitive information.

A flaw was found in the JBoss EAP Vault system in all versions before 7.2.6.GA. When the JBoss CLI 'reload' command is executed, the value of a system property's security attribute, which the Vault is meant to keep confidential, is written in clear text to the JBoss EAP log file. Anyone able to read the log can therefore recover this confidential information.


How to mitigate CVE-2019-14885

Install the update from the vendor's website.

Sources