Description
A flaw was found in Wildfly Security Manager, running under JDK 11 or 8, that authorized requests for any requester. This flaw could be used by a malicious app deployed on the app server to access unauthorized information and possibly conduct further attacks. Versions shipped with Red Hat Jboss EAP 7 and Red Hat SSO 7 are vulnerable to this issue.
References (1)
Core 1
Core References
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14843
Scores
CVSS v3
8.8
EPSS
0.0018
EPSS Percentile
38.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-592
CWE-863
Status
published
Products (3)
redhat/jboss_enterprise_application_platform
7.2.0
redhat/single_sign-on
7.3
redhat/single_sign-on
Published
Jan 07, 2020
Tracked Since
Feb 18, 2026