CVE-2018-14627
MEDIUM
WildFly < 14.0.0 - Cleartext Transmission of Sensitive Information via IIOP OpenJDK Subsystem
Title source: llm
Description
The IIOP OpenJDK Subsystem in WildFly before version 14.0.0 does not honour configuration when SSL transport is required. Servers before this version that are configured with the following setting allow clients to create plaintext connections: <transport-config confidentiality="required" trust-in-target="supported"/>
References (7)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14627 (Issue Tracking, Patch, Third Party Advisory; x_refsource_confirm)
https://access.redhat.com/errata/RHSA-2018:3528 (Third Party Advisory; vendor-advisory, x_refsource_redhat)
https://access.redhat.com/errata/RHSA-2018:3527 (Third Party Advisory; vendor-advisory, x_refsource_redhat)
https://issues.jboss.org/browse/WFLY-9107 (Third Party Advisory; x_refsource_confirm)
https://security.netapp.com/advisory/ntap-20181221-0002/ (Vendor Advisory; x_refsource_confirm)
https://access.redhat.com/errata/RHSA-2018:3595 (Third Party Advisory; vendor-advisory, x_refsource_redhat)
https://access.redhat.com/errata/RHSA-2018:3529 (Third Party Advisory; vendor-advisory, x_refsource_redhat)
Scores
CVSS v3: 5.3
EPSS: 0.0111
EPSS Percentile: 61.7%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE: CWE-319
Status: published
Products (1): redhat/wildfly < 14.0.0
Published: Sep 04, 2018
Tracked Since: Feb 18, 2026