CVE-2019-3894
PUBLISHED
CVSS 5.4 MEDIUM
It was discovered that the ElytronManagedThread in Wildfly's Elytron subsystem in versions from 11 to 16 stores a SecurityIdentity to run the thread as. These threads do not necessarily terminate if the keep alive time has not expired. This could allow a shared thread to use the wrong security identity when executing.
EPSS 1.16% · 79.0th percentile
Risk Scores
CVSS 3.0
5.4
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
EPSS Score
1.16%
79.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | wildfly | affects from 11 to 16 |
| redhat | jboss_enterprise_application_platform | 7.0.0 |
| redhat | wildfly | 11.0.0 |
Exploit Intelligence
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3894 (circl)
- RHSA-2019:1107 (circl)
- RHSA-2019:1108 (circl)
- RHSA-2019:1106 (circl)
- RHSA-2019:1140 (circl)
- https://security.netapp.com/advisory/ntap-20190517-0004/ (circl)
Timeline
- May 3, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3894 url
- RHSA-2019:1107 vendor-advisory
- RHSA-2019:1108 vendor-advisory
- RHSA-2019:1106 vendor-advisory
- RHSA-2019:1140 vendor-advisory
- https://security.netapp.com/advisory/ntap-20190517-0004/ url
- https://nvd.nist.gov/vuln/detail/CVE-2019-3894 advisory
- https://security.netapp.com/advisory/ntap-20190517-0004 url