#VU30430 Information disclosure in JBoss Enterprise Application Platform - CVE-2019-14885

 

Published: January 23, 2020 / Updated: July 17, 2020


Vulnerability identifier: #VU30430
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2019-14885
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
JBoss Enterprise Application Platform
Software vendor:
Red Hat Inc.

Description

The vulnerability allows a remote authenticated user to gain access to sensitive information.

A flaw was found in the JBoss EAP Vault system in all versions before 7.2.6.GA. When a JBoss CLI 'reload' command is executed, the confidential value of a system property's security attribute is revealed in the JBoss EAP log file. This flaw can lead to the exposure of confidential information.


Remediation

Install the update from the vendor's website.
