Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
veracodeVeracode Vulnerability DatabaseVERACODE:44208
HistoryNov 09, 2023 - 7:59 a.m.

Information Disclosure

2023-11-0907:59:33
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
wildfly-controller
vulnerability
resolve-expression
hal interface
authorization check
system property
environment variables
information disclosure
malicious user
sensitive information
software

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.8

Confidence

Low

EPSS

0.001

Percentile

32.5%

JSON

org.wildfly.core: wildfly-controller is vulnerable to Information Disclosure. The vulnerability is caused by a missing authorization check in the resolve-expression HAL interface while reading a system property or environment variables. This can lead to a malicious user accessing the Wildfly system and obtain sensitive information.

Related

vulnrichment 1
nvd 1
github 1
prion 1
cve 1
redhatcve 1
osv 1
cvelist 1
redhat 4
nessus 3
vulnrichment
vulnrichment
CVE-2023-4061 Wildfly-core: management user rbac permission allows unexpected reading of system-properties to an unauthorized actor
2023-11-08 00:56:05
nvd
nvd
CVE-2023-4061
2023-11-08 01:15:08
github
github
wildfly-core Exposure of Sensitive Information to an Unauthorized Actor vulnerability
2023-11-08 03:30:32
prion
prion
Design/Logic Flaw
2023-11-08 01:15:00
cve
cve
CVE-2023-4061
2023-11-08 01:15:08
redhatcve
redhatcve
CVE-2023-4061
2023-10-05 16:54:48
osv
osv
wildfly-core Exposure of Sensitive Information to an Unauthorized Actor vulnerability
2023-11-08 03:30:32
cvelist
cvelist
CVE-2023-4061 Wildfly-core: management user rbac permission allows unexpected reading of system-properties to an unauthorized actor
2023-11-08 00:56:05
redhat
redhat
(RHSA-2023:5488) Important: Red Hat JBoss Enterprise Application Platform 7.4.13 security update
2023-10-05 20:16:39
(RHSA-2023:5484) Important: Red Hat JBoss Enterprise Application Platform 7.4.13 security update on RHEL 7
2023-10-05 20:11:22
(RHSA-2023:5486) Important: Red Hat JBoss Enterprise Application Platform 7.4.13 security update on RHEL 9
2023-10-05 20:11:26
nessus
nessus
RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.4.13 security update on RHEL 7 (Important) (RHSA-2023:5484)
2023-10-05 00:00:00
RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.4.13 security update on RHEL 8 (Important) (RHSA-2023:5485)
2023-10-06 00:00:00
RHEL 9 : Red Hat JBoss Enterprise Application Platform 7.4.13 security update on RHEL 9 (Important) (RHSA-2023:5486)
2023-10-06 00:00:00

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.8

Confidence

Low

EPSS

0.001

Percentile

32.5%

JSON
Related for VERACODE:44208
vulnrichment1nvd1github1prion1cve1redhatcve1osv1cvelist1redhat4nessus3