{ "threat_severity" : "Moderate", "public_date" : "2019-10-11T00:00:00Z", "bugzilla" : { "description" : "wildfly-core: Incorrect privileges for 'Monitor', 'Auditor' and 'Deployer' user by default", "id" : "1751227", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1751227" }, "cvss3" : { "cvss3_base_score" : "5.2", "cvss3_scoring_vector" : "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H", "status" : "verified" }, "cwe" : "CWE-284", "details" : [ "A flaw was found in wildfly-core before 7.2.5.GA. The Management users with Monitor, Auditor and Deployer Roles should not be allowed to modify the runtime state of the server", "It was found that Wildfly users had default user permissions set incorrectly. A malicious user could use this flaw to access unauthorized controls for the application server." ], "acknowledgement" : "Red Hat would like to thank Fábio Magalhães de Andrade (Sonda Ativas), Juliano de Castro Santos (UnimedBH), and Leonard Lunardi (UnimedBH) for reporting this issue.", "affected_release" : [ { "product_name" : "Red Hat Data Grid 7.3.4", "release_date" : "2020-03-05T00:00:00Z", "advisory" : "RHSA-2020:0728", "cpe" : "cpe:/a:redhat:jboss_data_grid:7.3", "package" : "wildfly-core" }, { "product_name" : "Red Hat JBoss EAP 7.2", "release_date" : "2019-10-15T00:00:00Z", "advisory" : "RHSA-2019:3083", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2", "package" : "wildfly-core" }, { "product_name" : "Red Hat JBoss EAP 7.2", "release_date" : "2019-11-26T00:00:00Z", "advisory" : "RHSA-2019:4021", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2", "package" : "wildfly-core" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2019-10-15T00:00:00Z", "advisory" : "RHSA-2019:3082", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-wildfly-0:7.2.4-2.SP1_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2019-11-26T00:00:00Z", "advisory" : "RHSA-2019:4018", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-apache-cxf-0:3.2.10-1.redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2019-11-26T00:00:00Z", "advisory" : "RHSA-2019:4018", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-byte-buddy-0:1.9.11-1.redhat_00002.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2019-11-26T00:00:00Z", "advisory" : "RHSA-2019:4018", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-glassfish-jsf-0:2.3.5-5.SP3_redhat_00003.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2019-11-26T00:00:00Z", "advisory" : "RHSA-2019:4018", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-hal-console-0:3.0.17-2.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2019-11-26T00:00:00Z", "advisory" : "RHSA-2019:4018", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-hibernate-0:5.3.13-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2019-11-26T00:00:00Z", "advisory" : "RHSA-2019:4018", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-ironjacamar-0:1.4.18-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2019-11-26T00:00:00Z", "advisory" : "RHSA-2019:4018", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-jboss-genericjms-0:2.0.2-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2019-11-26T00:00:00Z", "advisory" : "RHSA-2019:4018", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-jboss-msc-0:1.4.11-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2019-11-26T00:00:00Z", "advisory" : "RHSA-2019:4018", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-jboss-remoting-0:5.0.16-2.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2019-11-26T00:00:00Z", "advisory" : "RHSA-2019:4018", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-jboss-server-migration-0:1.3.1-6.Final_redhat_00006.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2019-11-26T00:00:00Z", "advisory" : "RHSA-2019:4018", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-jboss-xnio-base-0:3.7.6-2.SP1_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2019-11-26T00:00:00Z", "advisory" : "RHSA-2019:4018", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-picketbox-0:5.0.3-6.Final_redhat_00005.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2019-11-26T00:00:00Z", "advisory" : "RHSA-2019:4018", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-picketlink-bindings-0:2.5.5-20.SP12_redhat_00009.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2019-11-26T00:00:00Z", "advisory" : "RHSA-2019:4018", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-picketlink-federation-0:2.5.5-20.SP12_redhat_00009.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2019-11-26T00:00:00Z", "advisory" : "RHSA-2019:4018", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-resteasy-0:3.6.1-7.SP7_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2019-11-26T00:00:00Z", "advisory" : "RHSA-2019:4018", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-undertow-0:2.0.26-2.SP3_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2019-11-26T00:00:00Z", "advisory" : "RHSA-2019:4018", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-wildfly-0:7.2.5-4.GA_redhat_00002.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2019-11-26T00:00:00Z", "advisory" : "RHSA-2019:4018", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-wildfly-elytron-0:1.6.5-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2019-11-26T00:00:00Z", "advisory" : "RHSA-2019:4018", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-wildfly-elytron-tool-0:1.4.4-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2019-11-26T00:00:00Z", "advisory" : "RHSA-2019:4018", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-wildfly-http-client-0:1.0.17-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2019-11-26T00:00:00Z", "advisory" : "RHSA-2019:4018", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-wildfly-openssl-0:1.0.8-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2019-11-26T00:00:00Z", "advisory" : "RHSA-2019:4018", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-wildfly-openssl-linux-x86_64-0:1.0.8-5.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2019-11-26T00:00:00Z", "advisory" : "RHSA-2019:4018", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-yasson-0:1.0.5-1.redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2019-10-15T00:00:00Z", "advisory" : "RHSA-2019:3082", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-wildfly-0:7.2.4-2.SP1_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2019-11-26T00:00:00Z", "advisory" : "RHSA-2019:4019", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-apache-cxf-0:3.2.10-1.redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2019-11-26T00:00:00Z", "advisory" : "RHSA-2019:4019", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-byte-buddy-0:1.9.11-1.redhat_00002.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2019-11-26T00:00:00Z", "advisory" : "RHSA-2019:4019", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-glassfish-jsf-0:2.3.5-5.SP3_redhat_00003.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2019-11-26T00:00:00Z", "advisory" : "RHSA-2019:4019", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-hal-console-0:3.0.17-2.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2019-11-26T00:00:00Z", "advisory" : "RHSA-2019:4019", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-hibernate-0:5.3.13-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2019-11-26T00:00:00Z", "advisory" : "RHSA-2019:4019", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-ironjacamar-0:1.4.18-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2019-11-26T00:00:00Z", "advisory" : "RHSA-2019:4019", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-jboss-genericjms-0:2.0.2-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2019-11-26T00:00:00Z", "advisory" : "RHSA-2019:4019", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-jboss-msc-0:1.4.11-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2019-11-26T00:00:00Z", "advisory" : "RHSA-2019:4019", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-jboss-remoting-0:5.0.16-2.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2019-11-26T00:00:00Z", "advisory" : "RHSA-2019:4019", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-jboss-server-migration-0:1.3.1-6.Final_redhat_00006.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2019-11-26T00:00:00Z", "advisory" : "RHSA-2019:4019", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-jboss-xnio-base-0:3.7.6-2.SP1_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2019-11-26T00:00:00Z", "advisory" : "RHSA-2019:4019", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-picketbox-0:5.0.3-6.Final_redhat_00005.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2019-11-26T00:00:00Z", "advisory" : "RHSA-2019:4019", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-picketlink-bindings-0:2.5.5-20.SP12_redhat_00009.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2019-11-26T00:00:00Z", "advisory" : "RHSA-2019:4019", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-picketlink-federation-0:2.5.5-20.SP12_redhat_00009.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2019-11-26T00:00:00Z", "advisory" : "RHSA-2019:4019", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-resteasy-0:3.6.1-7.SP7_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2019-11-26T00:00:00Z", "advisory" : "RHSA-2019:4019", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-undertow-0:2.0.26-2.SP3_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2019-11-26T00:00:00Z", "advisory" : "RHSA-2019:4019", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-wildfly-0:7.2.5-4.GA_redhat_00002.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2019-11-26T00:00:00Z", "advisory" : "RHSA-2019:4019", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-wildfly-elytron-0:1.6.5-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2019-11-26T00:00:00Z", "advisory" : "RHSA-2019:4019", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-wildfly-elytron-tool-0:1.4.4-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2019-11-26T00:00:00Z", "advisory" : "RHSA-2019:4019", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-wildfly-http-client-0:1.0.17-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2019-11-26T00:00:00Z", "advisory" : "RHSA-2019:4019", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-wildfly-openssl-0:1.0.8-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2019-11-26T00:00:00Z", "advisory" : "RHSA-2019:4019", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-wildfly-openssl-linux-x86_64-0:1.0.8-5.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2019-11-26T00:00:00Z", "advisory" : "RHSA-2019:4019", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-yasson-0:1.0.5-1.redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2019-10-15T00:00:00Z", "advisory" : "RHSA-2019:3082", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-wildfly-0:7.2.4-2.SP1_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2019-11-26T00:00:00Z", "advisory" : "RHSA-2019:4020", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-apache-cxf-0:3.2.10-1.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2019-11-26T00:00:00Z", "advisory" : "RHSA-2019:4020", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-byte-buddy-0:1.9.11-1.redhat_00002.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2019-11-26T00:00:00Z", "advisory" : "RHSA-2019:4020", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-glassfish-jsf-0:2.3.5-5.SP3_redhat_00003.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2019-11-26T00:00:00Z", "advisory" : "RHSA-2019:4020", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-hal-console-0:3.0.17-2.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2019-11-26T00:00:00Z", "advisory" : "RHSA-2019:4020", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-hibernate-0:5.3.13-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2019-11-26T00:00:00Z", "advisory" : "RHSA-2019:4020", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-ironjacamar-0:1.4.18-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2019-11-26T00:00:00Z", "advisory" : "RHSA-2019:4020", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-jboss-genericjms-0:2.0.2-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2019-11-26T00:00:00Z", "advisory" : "RHSA-2019:4020", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-jboss-msc-0:1.4.11-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2019-11-26T00:00:00Z", "advisory" : "RHSA-2019:4020", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-jboss-remoting-0:5.0.16-2.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2019-11-26T00:00:00Z", "advisory" : "RHSA-2019:4020", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-jboss-server-migration-0:1.3.1-6.Final_redhat_00006.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2019-11-26T00:00:00Z", "advisory" : "RHSA-2019:4020", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-jboss-xnio-base-0:3.7.6-2.SP1_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2019-11-26T00:00:00Z", "advisory" : "RHSA-2019:4020", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-picketbox-0:5.0.3-6.Final_redhat_00005.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2019-11-26T00:00:00Z", "advisory" : "RHSA-2019:4020", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-picketlink-bindings-0:2.5.5-20.SP12_redhat_00009.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2019-11-26T00:00:00Z", "advisory" : "RHSA-2019:4020", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-picketlink-federation-0:2.5.5-20.SP12_redhat_00009.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2019-11-26T00:00:00Z", "advisory" : "RHSA-2019:4020", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-resteasy-0:3.6.1-7.SP7_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2019-11-26T00:00:00Z", "advisory" : "RHSA-2019:4020", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-undertow-0:2.0.26-2.SP3_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2019-11-26T00:00:00Z", "advisory" : "RHSA-2019:4020", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-wildfly-0:7.2.5-4.GA_redhat_00002.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2019-11-26T00:00:00Z", "advisory" : "RHSA-2019:4020", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-wildfly-elytron-0:1.6.5-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2019-11-26T00:00:00Z", "advisory" : "RHSA-2019:4020", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-wildfly-elytron-tool-0:1.4.4-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2019-11-26T00:00:00Z", "advisory" : "RHSA-2019:4020", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-wildfly-http-client-0:1.0.17-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2019-11-26T00:00:00Z", "advisory" : "RHSA-2019:4020", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-wildfly-openssl-0:1.0.8-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2019-11-26T00:00:00Z", "advisory" : "RHSA-2019:4020", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-wildfly-openssl-linux-x86_64-0:1.0.8-5.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2019-11-26T00:00:00Z", "advisory" : "RHSA-2019:4020", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-yasson-0:1.0.5-1.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform Continuous Delivery", "release_date" : "2020-06-15T00:00:00Z", "advisory" : "RHSA-2020:2565", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform_cd:18", "package" : "wildfly-core" }, { "product_name" : "Red Hat Single Sign-On 7.3", "release_date" : "2019-12-02T00:00:00Z", "advisory" : "RHSA-2019:4045", "cpe" : "cpe:/a:redhat:jboss_single_sign_on:7.3", "package" : "wildfly-core" }, { "product_name" : "Red Hat Single Sign-On 7.3 for RHEL 6", "release_date" : "2019-12-02T00:00:00Z", "advisory" : "RHSA-2019:4040", "cpe" : "cpe:/a:redhat:red_hat_single_sign_on:7::el6", "package" : "rh-sso7-keycloak-0:4.8.15-1.Final_redhat_00001.1.el6sso" }, { "product_name" : "Red Hat Single Sign-On 7.3 for RHEL 7", "release_date" : "2019-12-02T00:00:00Z", "advisory" : "RHSA-2019:4041", "cpe" : "cpe:/a:redhat:red_hat_single_sign_on:7::el7", "package" : "rh-sso7-keycloak-0:4.8.15-1.Final_redhat_00001.1.el7sso" }, { "product_name" : "Red Hat Single Sign-On 7.3 for RHEL 8", "release_date" : "2019-12-02T00:00:00Z", "advisory" : "RHSA-2019:4042", "cpe" : "cpe:/a:redhat:red_hat_single_sign_on:7::el8", "package" : "rh-sso7-keycloak-0:4.8.15-1.Final_redhat_00001.1.el8sso" }, { "product_name" : "Text-Only RHOAR", "release_date" : "2020-05-18T00:00:00Z", "advisory" : "RHSA-2020:2067", "cpe" : "cpe:/a:redhat:openshift_application_runtimes:1.0" } ], "package_state" : [ { "product_name" : "Red Hat Decision Manager 7", "fix_state" : "Not affected", "package_name" : "wildfly-core", "cpe" : "cpe:/a:redhat:jboss_enterprise_brms_platform:7" }, { "product_name" : "Red Hat JBoss Data Virtualization 6", "fix_state" : "Not affected", "package_name" : "wildfly-core", "cpe" : "cpe:/a:redhat:jboss_data_virtualization:6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6", "fix_state" : "Not affected", "package_name" : "jbossas", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6" }, { "product_name" : "Red Hat JBoss Fuse 6", "fix_state" : "Out of support scope", "package_name" : "wildfly-core", "cpe" : "cpe:/a:redhat:jboss_fuse:6" }, { "product_name" : "Red Hat JBoss Operations Network 3", "fix_state" : "Out of support scope", "package_name" : "wildfly-core", "cpe" : "cpe:/a:redhat:jboss_operations_network:3" }, { "product_name" : "Red Hat OpenShift Application Runtimes", "fix_state" : "Affected", "package_name" : "wildfly-core", "cpe" : "cpe:/a:redhat:openshift_application_runtimes:1.0" }, { "product_name" : "Red Hat Process Automation 7", "fix_state" : "Not affected", "package_name" : "wildfly-core", "cpe" : "cpe:/a:redhat:jboss_enterprise_bpms_platform:7" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2019-14838\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-14838\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14838" ], "name" : "CVE-2019-14838", "csaw" : false }