CVE-2019-14838

MEDIUM

WildFly Core < 7.2.5.GA - Improper Access Control for Management Users

Title source: llm

Description

A flaw was found in wildfly-core before 7.2.5.GA. Management users with the Monitor, Auditor and Deployer roles should not be allowed to modify the runtime state of the server.

References (12)

Core References
Issue Tracking, Vendor Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14838
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:3083
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:3082
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:4018
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:4019
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:4021
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:4020
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:4045
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:4042
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:4040
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:4041
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2020:0728

Scores

CVSS v3 4.9
EPSS 0.0038
EPSS Percentile 59.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-284 CWE-269
Status published
Products (8)
org.wildfly.core/wildfly-host-controller 0 - 7.2.5.GA (Maven)
redhat/data_grid 7.3.4
redhat/jboss_enterprise_application_platform 7.2.0
redhat/jboss_enterprise_application_platform 7.2.5
redhat/jboss_enterprise_application_platform 7.3.0
redhat/jboss_enterprise_application_platform 7.2.4
redhat/single_sign-on 7.3.5
redhat/wildfly_core 7.0.0 (8 CPE variants)
Published Oct 14, 2019
Tracked Since Feb 18, 2026