A flaw was found in wildfly-core before 7.2.5.GA. The Management users with Monitor, Auditor and Deployer Roles should not be allowed to modify the runtime state of the server
2019-10-14T15:15:09.710
2024-11-21T04:27:28.240
Modified
CVSSv3.1: 4.9 (MEDIUM)
AV:N/AC:L/Au:S/C:N/I:P/A:N
8.0
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | redhat | wildfly_core | 7.0.0 | Yes |
| Application | redhat | wildfly_core | 7.0.0 | Yes |
| Application | redhat | wildfly_core | 7.0.0 | Yes |
| Application | redhat | wildfly_core | 7.0.0 | Yes |
| Application | redhat | wildfly_core | 7.0.0 | Yes |
| Application | redhat | wildfly_core | 7.0.0 | Yes |
| Application | redhat | wildfly_core | 7.0.0 | Yes |
| Application | redhat | wildfly_core | 7.0.0 | Yes |
| Application | redhat | jboss_enterprise_application_platform | 7.2.0 | Yes |
| Application | redhat | jboss_enterprise_application_platform | 7.2.5 | Yes |
| Application | redhat | jboss_enterprise_application_platform | 7.3.0 | Yes |
| Application | redhat | single_sign-on | 7.3.5 | Yes |
| Operating System | redhat | enterprise_linux | 6.0 | No |
| Operating System | redhat | enterprise_linux | 7.0 | No |
| Operating System | redhat | enterprise_linux | 8.0 | No |
| Application | redhat | data_grid | 7.3.4 | Yes |
| Application | redhat | jboss_enterprise_application_platform | 7.2.4 | Yes |