1. Home
  2. CVE Database
  3. CVE-2019-14838
MEDIUM · 4.9

CVE-2019-14838

A flaw was found in wildfly-core before 7.2.5.GA. The Management users with Monitor, Auditor and Deployer Roles should not be allowed to modify the runtime state of the server

Vulnerability Description

A flaw was found in wildfly-core before 7.2.5.GA. The Management users with Monitor, Auditor and Deployer Roles should not be allowed to modify the runtime state of the server

CVSS Score

4.9

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
HIGH
Availability
NONE

Affected Products

VendorProductVersions
RedhatWildfly Core7.0.0
RedhatJboss Enterprise Application Platform7.2.0
RedhatSingle Sign-On7.3.5
RedhatEnterprise Linux6.0
RedhatData Grid7.3.4

Related Weaknesses (CWE)

CWE-269CWE-284

References

FAQ

What is CVE-2019-14838?

CVE-2019-14838 is a vulnerability with a CVSS score of 4.9 (MEDIUM). A flaw was found in wildfly-core before 7.2.5.GA. The Management users with Monitor, Auditor and Deployer Roles should not be allowed to modify the runtime state of the server

How severe is CVE-2019-14838?

CVE-2019-14838 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-14838?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Wildfly Core, Redhat Jboss Enterprise Application Platform, Redhat Single Sign-On, Redhat Enterprise Linux, Redhat Data Grid.