CVE-2019-14838 | SynScan

Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2019-14838

A flaw was found in wildfly-core before 7.2.5.GA. The Management users with Monitor, Auditor and Deployer Roles should not be allowed to modify the runtime state of the server

Published: Oct 14, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-14838
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.9
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:N/I:P/A:N

CWEs:

CWE-269

Affected Software
References

Software	From	Fixed in
redhat / wildfly_core	7.0.0-alpha1	7.0.0-alpha1.x
redhat / wildfly_core	7.0.0-alpha2	7.0.0-alpha2.x
redhat / wildfly_core	7.0.0-alpha3	7.0.0-alpha3.x
redhat / wildfly_core	7.0.0-alpha4	7.0.0-alpha4.x
redhat / wildfly_core	7.0.0-alpha5	7.0.0-alpha5.x
redhat / wildfly_core	7.0.0-cr1	7.0.0-cr1.x
redhat / wildfly_core	7.0.0-beta1	7.0.0-beta1.x
redhat / wildfly_core	7.0.0	7.0.0.x
redhat / jboss_enterprise_application_platform	7.2.0	7.2.0.x
redhat / jboss_enterprise_application_platform	7.2.5	7.2.5.x
redhat / jboss_enterprise_application_platform	7.3.0	7.3.0.x
redhat / single_sign-on	7.3.5	7.3.5.x
redhat / data_grid	7.3.4	7.3.4.x
redhat / jboss_enterprise_application_platform	7.2.4	7.2.4.x