Vulnerability Description
A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSS Score
7.5 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Wildfly Elytron | < 1.11.3 |
| Redhat | Codeready Studio | 12.0 |
| Redhat | Decision Manager | 7.0 |
| Redhat | Jboss Fuse | 7.0.0 |
| Redhat | Process Automation | 7.0 |
| Netapp | Oncommand Insight | - |
Related Weaknesses (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1825714 (Issue Tracking, Mitigation, Vendor Advisory)
- https://security.netapp.com/advisory/ntap-20201223-0002/ (Third Party Advisory)
FAQ
What is CVE-2020-10714?
CVE-2020-10714 is a vulnerability with a CVSS score of 7.5 (HIGH). A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
How severe is CVE-2020-10714?
CVE-2020-10714 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS score above for the severity rating.
Is there a patch for CVE-2020-10714?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Wildfly Elytron, Redhat Codeready Studio, Redhat Decision Manager, Redhat Jboss Fuse, Redhat Process Automation.