CVE-2018-14627 — MEDIUM (5.3)

Q: How severe is CVE-2018-14627?

CVE-2018-14627 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-14627?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Wildfly.

Vulnerability Description

The IIOP OpenJDK Subsystem in WildFly before version 14.0.0 does not honour configuration when SSL transport is required. Servers before this version that are configured with the following setting allow clients to create plaintext connections: <transport-config confidentiality="required" trust-in-target="supported"/>

CVSS Score

5.3

MEDIUM

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Redhat	Wildfly	< 14.0.0

Related Weaknesses (CWE)

CWE-319

References

https://access.redhat.com/errata/RHSA-2018:3527Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3528Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3529Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3595Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14627Issue TrackingPatchThird Party Advisory
https://issues.jboss.org/browse/WFLY-9107Third Party Advisory
https://security.netapp.com/advisory/ntap-20181221-0002/
https://access.redhat.com/errata/RHSA-2018:3527Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3528Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3529Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3595Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14627Issue TrackingPatchThird Party Advisory
https://issues.jboss.org/browse/WFLY-9107Third Party Advisory
https://security.netapp.com/advisory/ntap-20181221-0002/

FAQ

What is CVE-2018-14627?

CVE-2018-14627 is a vulnerability with a CVSS score of 5.3 (MEDIUM). The IIOP OpenJDK Subsystem in WildFly before version 14.0.0 does not honour configuration when SSL transport is required. Servers before this version that are configured with the following setting all...

How severe is CVE-2018-14627?

CVE-2018-14627 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-14627?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Wildfly.