Lucene search
Veracode Vulnerability DatabaseVERACODE:17591HistoryMay 02, 2019 - 5:48 a.m.
Authorization Bypass
2019-05-0205:48:44
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
0.006 Low
EPSS
Percentile
79.2%
wildfly-ee is vulnerable to authorization bypass. The vulnerability exists as an incorrect SecurityIdentity for wildfly-ee concurrency could be used when a ElytronManagedThread that uses a different SecurityIdentity does not terminate from its previous thread and executes a new job.
References
access.redhat.com/errata/RHSA-2019:1106
access.redhat.com/errata/RHSA-2019:1107
access.redhat.com/errata/RHSA-2019:1108
access.redhat.com/errata/RHSA-2019:1140
bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3894
github.com/wildfly/wildfly/commit/84975f8a4dd5f243c7ff5122c0d36783b116a0d7
github.com/wildfly/wildfly/pull/12159
issues.jboss.org/browse/WFLY-11846
security.netapp.com/advisory/ntap-20190517-0004/
Related
nvd
nvd
CVE-2019-3894
2019-05-03 20:29:01
prion
prion
Code injection
2019-05-03 20:29:00
redhatcve
redhatcve
CVE-2019-3894
2019-10-08 06:01:47
osv
osv
CVE-2019-3894
2019-05-03 20:29:01
cve
cve
CVE-2019-3894
2019-05-03 20:29:01
cvelist
cvelist
CVE-2019-3894
2019-05-03 19:25:58
redhat
redhat
nessus
nessus
RHEL 6 : JBoss EAP (RHSA-2019:1107)
2019-05-13 00:00:00
RHEL 7 : JBoss EAP (RHSA-2019:1108)
2019-05-13 00:00:00