Vulnerability Description
An improper initialization vulnerability was found in Galleon. When using Galleon to provision custom EAP or EAP-XP servers, the servers are created unsecured. This issue could allow an attacker to access remote HTTP services available from the server.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | JBoss Enterprise Application Platform | - |
| Red Hat | JBoss Enterprise Application Platform Expansion Pack | - |
| Red Hat | Enterprise Linux | 7.0 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/errata/RHSA-2023:7637 (Vendor Advisory)
- https://access.redhat.com/errata/RHSA-2023:7638 (Vendor Advisory)
- https://access.redhat.com/errata/RHSA-2023:7639 (Vendor Advisory)
- https://access.redhat.com/errata/RHSA-2023:7641 (Vendor Advisory)
- https://access.redhat.com/security/cve/CVE-2023-4503 (Vendor Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=2184751 (Issue Tracking)
FAQ
What is CVE-2023-4503?
CVE-2023-4503 is a vulnerability with a CVSS score of 6.8 (MEDIUM). An improper initialization vulnerability was found in Galleon. When using Galleon to provision custom EAP or EAP-XP servers, the servers are created unsecured. This issue could allow an attacker to ac...
How severe is CVE-2023-4503?
CVE-2023-4503 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2023-4503?
Check the references section above for vendor advisories and patch information. Affected products include: Red Hat JBoss Enterprise Application Platform, Red Hat JBoss Enterprise Application Platform Expansion Pack, Red Hat Enterprise Linux.