CVE-2019-14838 — Vulnetix

CVE-2019-14838 PUBLISHED CVSS 5.2 MEDIUM

Reported by redhat · Published October 14, 2019

A flaw was found in wildfly-core before 7.2.5.GA. The Management users with Monitor, Auditor and Deployer Roles should not be allowed to modify the runtime state of the server

Risk Scores

CVSS 3.0

5.2

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H

Affected Products

Vendor	Product	Versions
Red Hat	wildfly-core	before 7.2.5.GA
Maven	org.wildfly.core:wildfly-core-parent	0, 0, 0
Red Hat	wildfly-core	before 7.2.5.GA, before 7.2.5.GA, *
Maven	org.wildfly.core:wildfly-host-controller	0, 0, 0

Timeline

Oct 14, 2019 CVE Published
Apr 14, 2021 EPSS Score
Jun 23, 2021 EPSS Score
Aug 24, 2021 EPSS Score
Oct 26, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Feb 28, 2022 EPSS Score
Apr 1, 2022 EPSS Score
May 1, 2022 EPSS Score
Jul 3, 2022 EPSS Score
Sep 4, 2022 EPSS Score

References

x_refsource_CONFIRM
RHSA-2019:3083 vendor-advisoryx_refsource_REDHAT
RHSA-2019:3082 vendor-advisoryx_refsource_REDHAT
RHSA-2019:4018 vendor-advisoryx_refsource_REDHAT
RHSA-2019:4019 vendor-advisoryx_refsource_REDHAT
RHSA-2019:4021 vendor-advisoryx_refsource_REDHAT
RHSA-2019:4020 vendor-advisoryx_refsource_REDHAT
RHSA-2019:4045 vendor-advisoryx_refsource_REDHAT
RHSA-2019:4042 vendor-advisoryx_refsource_REDHAT
RHSA-2019:4040 vendor-advisoryx_refsource_REDHAT
RHSA-2019:4041 vendor-advisoryx_refsource_REDHAT
RHSA-2020:0728 vendor-advisoryx_refsource_REDHAT
https://nvd.nist.gov/vuln/detail/CVE-2019-14838 advisory
https://github.com/advisories/GHSA-82v2-f875-73g9 advisory
https://github.com/wildfly/wildfly-core/pull/3981 patch
https://github.com/wildfly/wildfly-core/commit/131fa6880ae1523fac9e96df54dc394b63b0eed3 patch

Open in Interactive Console →