Vulnerability Description
A flaw was found in all supported versions before wildfly-elytron-1.6.8.Final-redhat-00001, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Wildfly Elytron | < 1.6.8.final-redhat-00001 |
| Redhat | Decision Manager | 7.0 |
| Redhat | Process Automation | 7.0 |
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1807707Issue TrackingVendor Advisory
- https://security.netapp.com/advisory/ntap-20201001-0005/Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1807707Issue TrackingVendor Advisory
- https://security.netapp.com/advisory/ntap-20201001-0005/Third Party Advisory
FAQ
What is CVE-2020-1748?
CVE-2020-1748 is a vulnerability with a CVSS score of 7.5 (HIGH). A flaw was found in all supported versions before wildfly-elytron-1.6.8.Final-redhat-00001, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an i...
How severe is CVE-2020-1748?
CVE-2020-1748 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-1748?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Wildfly Elytron, Redhat Decision Manager, Redhat Process Automation.