Vulnerability identifier: #VU23017
Vulnerability risk: Low
CVSSv3.1: 3.1 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:U/RC:C]
CVE-ID:
CWE-ID:
CWE-285
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
WildFly Security Manager
Web applications /
Modules and components for CMS
Vendor: Red Hat Inc.
Description
The vulnerability allows an attacker to gain access to sensitive information.
The vulnerability exists due to improper authorization checks in WidlFly security manager, when running under JDK 11 or 8, that successfully authorizes requests for any requesters . A locally deployed application on the server can gain access to sensitive information.
Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versions
WildFly Security Manager: 1.0.0 - 1.1.2
External links
http://access.redhat.com/errata/RHSA-2019:4018
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.