CVE-2019-10212 — CRITICAL (9.8)

Q: What is CVE-2019-10212?

CVE-2019-10212 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user's credentials from the log files.

Q: How severe is CVE-2019-10212?

CVE-2019-10212 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2019-10212?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Undertow, Redhat Jboss Data Grid, Redhat Jboss Enterprise Application Platform, Redhat Jboss Fuse, Redhat Openshift Application Runtimes.

Vulnerability Description

A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user's credentials from the log files.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Redhat	Undertow	< 2.0.20
Redhat	Jboss Data Grid	>= 7.0.0, <= 7.3
Redhat	Jboss Enterprise Application Platform	-
Redhat	Jboss Fuse	>= 7.0.0, <= 7.4
Redhat	Openshift Application Runtimes	-
Redhat	Single Sign-On	>= 7.0, <= 7.3
Netapp	Active Iq Unified Manager	-
Redhat	Enterprise Linux	8.0

Related Weaknesses (CWE)

CWE-532

References

https://access.redhat.com/errata/RHSA-2019:2998Vendor Advisory
https://access.redhat.com/errata/RHSA-2020:0727Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10212Issue TrackingMitigationVendor Advisory
https://security.netapp.com/advisory/ntap-20220210-0017/Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2998Vendor Advisory
https://access.redhat.com/errata/RHSA-2020:0727Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10212Issue TrackingMitigationVendor Advisory
https://security.netapp.com/advisory/ntap-20220210-0017/Third Party Advisory

FAQ

What is CVE-2019-10212?

CVE-2019-10212 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user's credentials from the log files.

How severe is CVE-2019-10212?

CVE-2019-10212 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2019-10212?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Undertow, Redhat Jboss Data Grid, Redhat Jboss Enterprise Application Platform, Redhat Jboss Fuse, Redhat Openshift Application Runtimes.