#VU64037 Incorrect authorization in Wildfly Elytron - CVE-2022-0866
Published: June 7, 2022
Vulnerability identifier: #VU64037
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-0866
CWE-ID: CWE-863
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Wildfly Elytron
Software vendor:
Red Hat Inc.
Description
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect authorization (CWE-863) in the EJB integration: EJBComponent#getCallerPrincipal can return the wrong caller principal. Application code that uses the returned principal to make authorization decisions or to scope data to the current user may therefore act on behalf of, or expose data belonging to, a different caller.
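The following added example (not code from the advisory or from the WildFly project) shows the application pattern that is exposed when the caller principal is wrong, and a consistency check that compares the EJB container's view of the caller with the Elytron SecurityIdentity of the current thread. The bean name, the in-memory account map and the javax namespace are assumptions; whether the two views can diverge in every affected configuration is not stated on this page, so the check only surfaces the symptom and does not replace the vendor update.

```java
import java.security.Principal;
import java.util.HashMap;
import java.util.Map;
import javax.annotation.Resource;
import javax.annotation.security.RolesAllowed;
import javax.ejb.EJBAccessException;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;
import org.wildfly.security.auth.server.SecurityDomain;
import org.wildfly.security.auth.server.SecurityIdentity;

/**
 * Hypothetical stateless EJB that scopes account data by caller principal name.
 * If ctx.getCallerPrincipal() names a different caller (the symptom described
 * for CVE-2022-0866), loadOwnAccount() would return someone else's record.
 */
@Stateless
@RolesAllowed("user")
public class AccountBean {

    @Resource
    private SessionContext ctx;

    // Constructed sample data standing in for a real JPA/JDBC lookup.
    private final Map<String, String> accounts = new HashMap<>();
    {
        accounts.put("alice", "account-1001");
        accounts.put("bob", "account-2002");
    }

    /** Returns only the record owned by the verified caller. */
    public String loadOwnAccount() {
        String owner = verifiedCallerName();
        return accounts.getOrDefault(owner, "no account for " + owner);
    }

    /**
     * Consistency check (an assumption of this example, not a vendor mitigation):
     * the EJB container's caller principal must agree with the Elytron identity
     * attached to the current thread. On mismatch, refuse to proceed rather than
     * act on an identity that may belong to another caller.
     */
    private String verifiedCallerName() {
        Principal ejbCaller = ctx.getCallerPrincipal();

        // SecurityDomain.getCurrent() is null when no Elytron domain is in effect.
        SecurityDomain domain = SecurityDomain.getCurrent();
        if (domain == null) {
            throw new EJBAccessException("no Elytron security domain in this context");
        }
        SecurityIdentity identity = domain.getCurrentSecurityIdentity();
        String elytronName = identity.getPrincipal().getName();

        if (!elytronName.equals(ejbCaller.getName())) {
            throw new EJBAccessException("caller principal mismatch: ejb="
                    + ejbCaller.getName() + " elytron=" + elytronName);
        }
        return elytronName;
    }
}
```

Container-managed checks such as @RolesAllowed are evaluated against the same caller information, so the cross-check above is a detection aid for code that performs its own per-user scoping; the remediation remains the vendor update listed below.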
Remediation
Install updates from the vendor's website.