(RHSA-2019:3082) Moderate: Red Hat JBoss Enterprise Application Platform 7.2 security update

2019-10-1517:06:47

access.redhat.com

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

0.002 Low

EPSS

Percentile

60.2%

JSON

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on WildFly.

This asynchronous patch is a security update for the wildfly-core package in Red Hat JBoss Enterprise Application Platform 7.2.

Security Fix(es):

wildfly-core: Incorrect privileges for ‘Monitor’, ‘Auditor’ and ‘Deployer’ user by default (CVE-2019-14838)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHat6noarcheap7-wildfly-javadocs< 7.2.4-2.SP1_redhat_00001.1.el6eapeap7-wildfly-javadocs-7.2.4-2.SP1_redhat_00001.1.el6eap.noarch.rpm
RedHat8noarcheap7-wildfly-modules< 7.2.4-2.SP1_redhat_00001.1.el8eapeap7-wildfly-modules-7.2.4-2.SP1_redhat_00001.1.el8eap.noarch.rpm
RedHat7noarcheap7-wildfly< 7.2.4-2.SP1_redhat_00001.1.el7eapeap7-wildfly-7.2.4-2.SP1_redhat_00001.1.el7eap.noarch.rpm
RedHat8noarcheap7-wildfly< 7.2.4-2.SP1_redhat_00001.1.el8eapeap7-wildfly-7.2.4-2.SP1_redhat_00001.1.el8eap.noarch.rpm
RedHat7noarcheap7-wildfly-java-jdk11< 7.2.4-2.SP1_redhat_00001.1.el7eapeap7-wildfly-java-jdk11-7.2.4-2.SP1_redhat_00001.1.el7eap.noarch.rpm
RedHat7noarcheap7-wildfly-javadocs< 7.2.4-2.SP1_redhat_00001.1.el7eapeap7-wildfly-javadocs-7.2.4-2.SP1_redhat_00001.1.el7eap.noarch.rpm
RedHat6noarcheap7-wildfly-modules< 7.2.4-2.SP1_redhat_00001.1.el6eapeap7-wildfly-modules-7.2.4-2.SP1_redhat_00001.1.el6eap.noarch.rpm
RedHat6noarcheap7-wildfly< 7.2.4-2.SP1_redhat_00001.1.el6eapeap7-wildfly-7.2.4-2.SP1_redhat_00001.1.el6eap.noarch.rpm
RedHat7noarcheap7-wildfly-java-jdk8< 7.2.4-2.SP1_redhat_00001.1.el7eapeap7-wildfly-java-jdk8-7.2.4-2.SP1_redhat_00001.1.el7eap.noarch.rpm
RedHat8noarcheap7-wildfly-javadocs< 7.2.4-2.SP1_redhat_00001.1.el8eapeap7-wildfly-javadocs-7.2.4-2.SP1_redhat_00001.1.el8eap.noarch.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	6	noarch	eap7-wildfly-javadocs	< 7.2.4-2.SP1_redhat_00001.1.el6eap	eap7-wildfly-javadocs-7.2.4-2.SP1_redhat_00001.1.el6eap.noarch.rpm
RedHat	8	noarch	eap7-wildfly-modules	< 7.2.4-2.SP1_redhat_00001.1.el8eap	eap7-wildfly-modules-7.2.4-2.SP1_redhat_00001.1.el8eap.noarch.rpm
RedHat	7	noarch	eap7-wildfly	< 7.2.4-2.SP1_redhat_00001.1.el7eap	eap7-wildfly-7.2.4-2.SP1_redhat_00001.1.el7eap.noarch.rpm
RedHat	8	noarch	eap7-wildfly	< 7.2.4-2.SP1_redhat_00001.1.el8eap	eap7-wildfly-7.2.4-2.SP1_redhat_00001.1.el8eap.noarch.rpm
RedHat	7	noarch	eap7-wildfly-java-jdk11	< 7.2.4-2.SP1_redhat_00001.1.el7eap	eap7-wildfly-java-jdk11-7.2.4-2.SP1_redhat_00001.1.el7eap.noarch.rpm
RedHat	7	noarch	eap7-wildfly-javadocs	< 7.2.4-2.SP1_redhat_00001.1.el7eap	eap7-wildfly-javadocs-7.2.4-2.SP1_redhat_00001.1.el7eap.noarch.rpm
RedHat	6	noarch	eap7-wildfly-modules	< 7.2.4-2.SP1_redhat_00001.1.el6eap	eap7-wildfly-modules-7.2.4-2.SP1_redhat_00001.1.el6eap.noarch.rpm
RedHat	6	noarch	eap7-wildfly	< 7.2.4-2.SP1_redhat_00001.1.el6eap	eap7-wildfly-7.2.4-2.SP1_redhat_00001.1.el6eap.noarch.rpm
RedHat	7	noarch	eap7-wildfly-java-jdk8	< 7.2.4-2.SP1_redhat_00001.1.el7eap	eap7-wildfly-java-jdk8-7.2.4-2.SP1_redhat_00001.1.el7eap.noarch.rpm
RedHat	8	noarch	eap7-wildfly-javadocs	< 7.2.4-2.SP1_redhat_00001.1.el8eap	eap7-wildfly-javadocs-7.2.4-2.SP1_redhat_00001.1.el8eap.noarch.rpm