Lucene search
Veracode Vulnerability DatabaseVERACODE:33128HistoryNov 29, 2021 - 12:40 a.m.
Privilege Escalation
2021-11-2900:40:42
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
12
0.0004 Low
EPSS
Percentile
12.6%
eap7 is vulnerable to privilege escalation. The vulnerability exists due to the incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration, leading to JBOSS_LOCAL_USER to access all users on the machine.
References
access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/
access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/
access.redhat.com/errata/RHSA-2021:4676
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=1991305
security.netapp.com/advisory/ntap-20220804-0002/
Related
cvelist
cvelist
CVE-2021-3717
2022-05-24 18:18:43
osv
osv
Wildfly-Core user account mismanagement
2022-05-25 00:00:22
CVE-2021-3717
2022-05-24 19:15:09
prion
prion
Design/Logic Flaw
2022-05-24 19:15:00
nvd
nvd
CVE-2021-3717
2022-05-24 19:15:09
redhatcve
redhatcve
CVE-2021-3717
2021-08-18 14:33:46
cve
cve
CVE-2021-3717
2022-05-24 19:15:09
github
github
Wildfly-Core user account mismanagement
2022-05-25 00:00:22
nessus
nessus
